Padding is invalid and cannot be removed
2014-02-08 09:46
399 查看
Padding is invalid and cannot be removed
Exception:
Stack Trace: at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32
start, Int32 length, Boolean useValidationSymAlgo) at System.Web.UI.Page.DecryptString(String s)
Reason:
Usually these errors appear in the web farm deployment when the spiders come through the site and they try to request pages with invalid ViewState, etc. Most likely they are trying to reference an old version of the .axd file because they are built dynamically
and timestamped for authenticity.
If you deploy your application in a Web farm, you must ensure that the configuration files on each server share the same value for validationKey and decryptionKey, which are used for hashing and decryption respectively. This
is required because you cannot guarantee which server will handle successive requests.
With manually generated key values, the <machineKey> settings should be similar to the following example. Please make sure <machineKey> element is underneath <system.web> section in the web.config file.
<machineKey validationKey="0BE61B38B9836B541C45728ADB9D93A6FD819169DBB6AD20078A70F474650CC0295C69131E083A6B3762C457BBAF3E66E18F294FDA434B9DD6758631A90A2E20" decryptionKey="B80CC12266B36CCF35EF0708DB5854EDA3BBEBA1A7C89A4E" validation="SHA1"/>
You can refer to the following article to get more information about how to build the validationKey and descriptionKey.
http://support.microsoft.com/kb/312906 - Generate Machine Key using C#
http://www.eggheadcafe.com/articles/20030514.asp - Generate Machine Key Elements for Web Farm
If you want to isolate your application from other applications on the same server, place the <machineKey> in the Web.config file for each application on each server in the farm. Ensure that you use separate key values for each
application, but duplicate each application's keys across all servers in the farm.
In the meanwhile, there is an easier approach-- you can disable the keying of viewstate to a particular server using a simple page directive at the top of your .aspx pages:
<%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyPage.aspx.vb"
Inherits="MyAssembly.MyPage" enableViewStateMac="False" %>
Alternately, you can modify the pages element in Web.config:
<system.web>
<pages enableViewStateMac="false" />
</system.web>
Either way, works great. But the latter solution is not recommended in the production ecommerce site because of security issue.
References:
1. Web Farms and ASP.NET ViewState, http://www.codinghorror.com/blog/archives/000132.html
2. ASP.Net’s WebResource.axd and machineKey badness,
http://blog.aproductofsociety.org/?p=11
3. How To Configure The Machine Key In ASPNET2,
http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToConfigureTheMachineKeyInASPNET2
Padding is invalid and cannot be removed
Exception:
Stack Trace: at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32
start, Int32 length, Boolean useValidationSymAlgo) at System.Web.UI.Page.DecryptString(String s)
Reason:
Usually these errors appear in the web farm deployment when the spiders come through the site and they try to request pages with invalid ViewState, etc. Most likely they are trying to reference an old version of the .axd file because they are built dynamically
and timestamped for authenticity.
If you deploy your application in a Web farm, you must ensure that the configuration files on each server share the same value for validationKey and decryptionKey, which are used for hashing and decryption respectively. This
is required because you cannot guarantee which server will handle successive requests.
With manually generated key values, the <machineKey> settings should be similar to the following example. Please make sure <machineKey> element is underneath <system.web> section in the web.config file.
<machineKey validationKey="0BE61B38B9836B541C45728ADB9D93A6FD819169DBB6AD20078A70F474650CC0295C69131E083A6B3762C457BBAF3E66E18F294FDA434B9DD6758631A90A2E20" decryptionKey="B80CC12266B36CCF35EF0708DB5854EDA3BBEBA1A7C89A4E" validation="SHA1"/>
You can refer to the following article to get more information about how to build the validationKey and descriptionKey.
http://support.microsoft.com/kb/312906 - Generate Machine Key using C#
http://www.eggheadcafe.com/articles/20030514.asp - Generate Machine Key Elements for Web Farm
If you want to isolate your application from other applications on the same server, place the <machineKey> in the Web.config file for each application on each server in the farm. Ensure that you use separate key values for each
application, but duplicate each application's keys across all servers in the farm.
In the meanwhile, there is an easier approach-- you can disable the keying of viewstate to a particular server using a simple page directive at the top of your .aspx pages:
<%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyPage.aspx.vb"
Inherits="MyAssembly.MyPage" enableViewStateMac="False" %>
Alternately, you can modify the pages element in Web.config:
<system.web>
<pages enableViewStateMac="false" />
</system.web>
Either way, works great. But the latter solution is not recommended in the production ecommerce site because of security issue.
References:
1. Web Farms and ASP.NET ViewState, http://www.codinghorror.com/blog/archives/000132.html
2. ASP.Net’s WebResource.axd and machineKey badness,
http://blog.aproductofsociety.org/?p=11
3. How To Configure The Machine Key In ASPNET2,
http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToConfigureTheMachineKeyInASPNET2
相关文章推荐
- 填充无效,无法被移除(Padding is invalid and cannot be removed)
- Padding is invalid and cannot be removed
- 二级域名共享Cookie时碰到的问题:Padding is invalid and cannot be removed
- Padding is invalid and cannot be removed. 一直提示这个 怎么解决?
- Padding is invalid and cannot be removed 解决方法
- 异常CryptographicException: "Padding is invalid and cannot be removed."的原因
- 填充无效,无法被移除(Padding is invalid and cannot be removed)
- U8v10.1 启动系统管理出现padding is invalid and can't be removed问题的解决方法
- Eclipse:xxxx is required and cannot be removed from the server
- ORA-20003: ORU-10036: object XXX is invalid and cannot be described
- 项目名 is required and cannot be removed from the server解决
- 解决Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future:
- 解决Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future:
- 解决Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future:
- 解决MYSQL弃用模块错误Deprecated: mysql_query(): The mysql extension is deprecated and will be removed in the future
- This Task Is Currently Locked by a Running Workflow and Cannot Be Edited
- 解决Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future:
- 解决Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future:
- 解决Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future:
- The state information is invalid for this page and might be corrupted解决办法