We recently patched our 12 servers, now have been getting the following exceptions across all servers when hitting URL similar to this... (URL has been modified)
http://thedomain.com/WebResource.axd?d=yj6P234W1h22bOvqe2sdf2f=
System.Web.HttpException - Invalid viewstate.
Stack trace:
at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType)
at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
UPDATE
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo, Boolean signData)
at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType)
at System.Web.Handlers.ScriptResourceHandler.DecryptParameter(NameValueCollection queryString)
at System.Web.Handlers.ScriptResourceHandler.ProcessRequestInternal(HttpResponse response, NameValueCollection queryString, VirtualFileReader fileReader)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
This sounds like you have different encryption keys for the servers, which results in one server not being able to decrypt ViewState generated on a different server. See the following for additional information on how to fix it:
How To: Configure MachineKey in ASP.NET 2.0
Generate Machine Key Elements for Web Farms
Related
I have seen various questions regarding this error but couldn't find any relevant solution.
I am using stackexchange.redis.strongname assembly version 1.2.6.0 for connecting to redis server version 3.2.10 and randomly facing this RedisConnectionException.
Our architecture is web farm architecture hosted over AWS and sometimes one machine is not able to connect to redis server but the other one works fine. So this gives us surety that redis server is up and working fine. Also we tried to connect using redis-cli.exe when one machine is not able to connect and it works fine without any issues.
I am sharing the complete exception below:
[RedisConnectionException: It was not possible to connect to the redis server(s); ConnectTimeout]
[RedisConnectionException: No connection is available to service this operation: EVAL; It was not possible to connect to the redis server(s); ConnectTimeout; IOCP: (Busy=0,Free=1000,Min=2,Max=1000), WORKER: (Busy=767,Free=32000,Min=2,Max=32767), Local-CPU: n/a]
StackExchange.Redis.ConnectionMultiplexer.ExecuteSyncImpl(Message message, ResultProcessor`1 processor, ServerEndPoint server) +4657
StackExchange.Redis.RedisBase.ExecuteSync(Message message, ResultProcessor`1 processor, ServerEndPoint server) +122
StackExchange.Redis.RedisDatabase.ScriptEvaluate(String script, RedisKey[] keys, RedisValue[] values, CommandFlags flags) +142
Microsoft.Web.Redis.<>c__DisplayClass4.<Eval>b__3() +56
Microsoft.Web.Redis.StackExchangeClientConnection.RetryForScriptNotFound(Func`1 redisOperation) +135
Microsoft.Web.Redis.StackExchangeClientConnection.RetryLogic(Func`1 redisOperation) +144
Microsoft.Web.Redis.StackExchangeClientConnection.Eval(String script, String[] keyArgs, Object[] valueArgs) +542
Microsoft.Web.Redis.RedisConnectionWrapper.TryTakeWriteLockAndGetData(DateTime lockTime, Int32 lockTimeout, Object& lockId, ISessionStateItemCollection& data, Int32& sessionTimeout) +262
Microsoft.Web.Redis.RedisSessionStateProvider.GetItemFromSessionStore(Boolean isWriteLockRequired, HttpContext context, String id, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actions) +1160
Microsoft.Web.Redis.RedisSessionStateProvider.GetItemExclusive(HttpContext context, String id, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actions) +211
System.Web.SessionState.SessionStateModule.GetSessionStateItem() +176
System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData) +1018
System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +710
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +634
Here is the code which I am using for creating connection to redis server
var configOptions = new StackExchange.Redis.ConfigurationOptions
{
ConnectTimeout = 5000,
ConnectRetry = 5,
SyncTimeout = 5000,
AbortOnConnectFail = false,
};
configOptions.EndPoints.Add(host, port);
var conn = StackExchange.Redis.ConnectionMultiplexer.Connect(configOptions);
return conn;
Can anyone help me to find out the root cause for this issue or some steps to debug it would also be of great help.
Occasionally we get the following error. I have not been able to reproduce it. I've tried logging out and navigating to a page that requires authentication, but it doesn't throw this exception.
So far this exception has only occurred on web services that are called immediately after page load. (So page load occurs, then an onready event starts loading some data with ajax calls)
We are using web forms with a SQL server session store.
Unable to cast object of type 'System.DBNull' to type 'System.Byte[]'.
at System.Web.SessionState.SqlSessionStateStore.DoGet(HttpContext context, String id, Boolean getExclusive, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actionFlags) at System.Web.SessionState.SqlSessionStateStore.GetItemExclusive(HttpContext context, String id, Boolean& locked, TimeSpan& lockAge, Object& lockId, SessionStateActions& actionFlags) at System.Web.SessionState.SessionStateModule.GetSessionStateItem() at System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData) at System.Web.HttpApplication.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
What can I do to fix this?
Sounds like your session is timing out yet you are assuming you are retrieving the object from the session state.
I suggest adding a null check to the code before attempting to assign the session object.
I have a simple .net application using the .NET 2.0 runtime in IIS 7.5 where I've changed the machine key in the web.config to use the following:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>
This works fine locally, but when I publish to the server I get an "HttpException (0x80004005): Unable to validate data" whenever browsing the site. I've made sure to set compilation debug="false". Setting the validation method to 3DES eliminates this issue, but we have a requirement to work with SHA1. Is there some configuration option I'm missing here? see the stack trace below.
[HttpException (0x80004005): Unable to validate data.]
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo, Boolean signData) +1008
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) +91
System.Web.UI.Page.EncryptStringWithIV(String s, IVType ivType) +83
System.Web.UI.Page.EncryptString(String s) +30
System.Web.Handlers.RuntimeScriptResourceHandler.GetScriptResourceUrlImpl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +1497
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(List`1 assemblyResourceLists, Boolean zip, Boolean notifyScriptLoaded) +1148
System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(Assembly assembly, String resourceName, CultureInfo culture, Boolean zip, Boolean notifyScriptLoaded) +152
System.Web.Handlers.ScriptResourceHandler.GetScriptResourceUrl(Assembly assembly, String resourceName, CultureInfo culture, Boolean zip, Boolean notifyScriptLoaded) +37
System.Web.UI.ScriptManager.GetScriptResourceUrl(String resourceName, Assembly assembly) +105
System.Web.UI.ScriptRegistrationManager.RegisterClientScriptResource(Control control, Type type, String resourceName) +113
System.Web.UI.ScriptManager.System.Web.UI.IScriptManager.RegisterClientScriptResource(Control control, Type type, String resourceName) +14
System.Web.UI.ClientScriptManager.RegisterClientScriptResource(Control control, Type type, String resourceName) +53
System.Web.UI.WebControls.Menu.OnPreRender(EventArgs e, Boolean registerScript) +113
System.Web.UI.WebControls.Menu.OnPreRender(EventArgs e) +25
System.Web.UI.Control.PreRenderRecursiveInternal() +80
System.Web.UI.Control.PreRenderRecursiveInternal() +171
System.Web.UI.Control.PreRenderRecursiveInternal() +171
System.Web.UI.Control.PreRenderRecursiveInternal() +171
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +842
Are you running the application in an truly .NET 2.0 app-pool? (I am asking because you are using IIS 7.5).
If not, bear in mind that there has been a change in the encryption algorithms in the .NET 4.5 framework.
If you need to be compatible with the < .NET 4.5 Framework you will need a compatibility tag:
<machineKey compatibilityMode="Framework20SP1" />
See http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx or http://blogs.msdn.com/b/webdev/archive/2012/10/23/cryptographic-improvements-in-asp-net-4-5-pt-2.aspx for details.
I found that when the local security policy for "System crytography:use fips compliant algorithms for encryption, hashing, and signing"(Security Settings >> local policies >> securityOptions) is set to true, Sha1 will not function, which is the reason why I'm getting the error in this case.
I sometimes have double web requests (no double clickers).
Can anyone please tell me what causes them, so I can prevent them?
initial situation:
It is a .Net 3.5 C# Application running in IIS7. No Asp.Net with ViewState. Just PageHandlers with
Xml/Xslt Transformations.
The code is very old. This problem just appeared out of the blue some time ago.
We send emails there and thats how it popped up. We sometimes suddenly received two mails instead of one.
My observations so far:
It happens seldom, but nonetheless sometimes. Apparently random.
The Sent Bytes at the first Request are 0, but they are not double clickers. HttpContext.Current.Response.IsClientConnected is true.
My assumptions so far:
It seems that something goes wrong in the SessionHandling (via Sql-Server) and this reopens the request?
IIS Log:
2012-03-02 08:16:43 W3SVC9026 [Server] [Server IP] POST [Internal URL] - 80 - [Client IP] HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+AskTbORJ/5.14.1.20007) ASP.NET_SessionId=[Session Id] [Absolute URL] [Host name] 200 0 64 0 899 937
2012-03-02 08:16:43 W3SVC9026 [Server] [Server IP] POST [internal URL] - 80 - [Client IP] HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+AskTbORJ/5.14.1.20007) ASP.NET_SessionId=[Session Id] [Absolute URL] [Host name] 200 0 0 45888 923 1343
StackTrace:
08:16:43 Regular Request (All normal requests which only run once look that way too)
at System.Environment.get_StackTrace()
at [MyPageHandler.ProcessRequest(HttpContext httpContext) and so on]
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
08:16:44 Additional Request
at System.Environment.get_StackTrace()
at [MyPageHandler.ProcessRequest(HttpContext httpContext) and so on]
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.ResumeStepsFromThreadPoolThread(Exception error)
at System.Web.HttpApplication.AsyncEventExecutionStep.ResumeStepsWithAssert(Exception error)
at System.Web.HttpApplication.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar)
at System.Web.HttpAsyncResult.Complete(Boolean synchronous, Object result, Exception error, RequestNotificationStatus status)
at System.Web.SessionState.SessionStateModule.PollLockedSessionCallback(Object state)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading._TimerCallback.PerformTimerCallback(Object state)
I'm getting the following error in our QA environment but only through the IIS7 reverse proxy. If I hit the application server directly it works fine. In our DEV environment it works fine through the proxy or directly.
I'm not really sure where to go with this, any ideas?
Server Error in '/' Application.
Padding is invalid and cannot be removed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: Padding is invalid and cannot be removed.]
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) +2910
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +286
System.Security.Cryptography.CryptoStream.FlushFinalBlock() +51
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) +318
System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) +115
System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context) +140
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
Version Information: Microsoft .NET Framework Version:2.0.50727.4952; ASP.NET Version:2.0.50727.4927
If this is happens on page with out post back then probably your proxy is convertting the url in lowercase chars and break the code.
I have one more bigger answer here with a trick to log the error and see whats really get on your page:
CryptographicException: Padding is invalid and cannot be removed and Validation of viewstate MAC failed