WebResource.axd 要解密的数据长度无效
我在事件查看器中有很多类似这样的错误。我已经研究了所有可能的解决方案,但仍然没有找到有效的解决方案;
该网站是网络农场的一部分;会话状态存储在状态服务器中;所有服务器上的machinekey都是相同的;我什至使用 iiscfg 复制所有服务器上的 iis 设置...仍然没有成功;在 IIS 中,在网站的属性上,我确保未选中 axd 映射的“验证文件是否存在”...
我尝试在 httphandlers 中添加以下行:
<add path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" validate="True" />
但仍然没有成功...
我真的不知道如何摆脱这个错误。如果有人可以帮助我,我将不胜感激!
整个堆栈跟踪是:
Request URL: http://xxxxxxx/WebResource.axd?d=Nu8EdkxldHhw5_nYPoeh3y1EbfLckWGua0HevmQkJr6irkrdL4WYMMP0l2yqOwM7Sd85LYeggTTTURTygkW9tqcBk1Q1&t=634242073212638436
Request path: /WebResource.axd
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo)
at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType)
at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I have a lot of errors in the event viewer that look like this. I have investigated all possible solutions and still haven't found one that works;
The website is part of a webfarm; session state is stored in a state server; machinekey is the same on all servers; i even used iiscfg to copy iis settings on all servers... still no success; in IIS, on properties of the website, I made sure that the "verify if file exists" is unchecked for axd mappings...
I tried adding in httphandlers the following line:
<add path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" validate="True" />
but still no success...
I really have no idea of how to get rid of this error. If anyone could help me I would appreaciate it!
The entire stack trace is:
Request URL: http://xxxxxxx/WebResource.axd?d=Nu8EdkxldHhw5_nYPoeh3y1EbfLckWGua0HevmQkJr6irkrdL4WYMMP0l2yqOwM7Sd85LYeggTTTURTygkW9tqcBk1Q1&t=634242073212638436
Request path: /WebResource.axd
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo)
at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType)
at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我终于设法修复了这些错误...这是一个安全更新,并未安装在所有服务器上,导致加密提供不同的值,即使机器密钥在所有服务器上都相同。
安装了现在就ok了
I finally managed to fix these error... it was a security update which was not installed on all servers and caused the encryption to provide different values even though the machine key was the same on all servers.
Installed it and now it's ok
希望添加有关此问题的更多详细信息以及一些搜索词!
该问题表现为对 WebResource.axd 和 ScriptResource.axd 的请求出现 ASP.Net 错误,例如:
http//mysite/MyApplication/WebResource.axd?d=966IInUloJ...&t=6332662...
这将导致以这种方式交付的图像、脚本、样式表和其他资源都会失败。您会注意到,尽管具有相同的validationKey等,查询字符串上的“d”参数在某些主机上会有所不同...修复后,您可以在所有主机上测试相同的查询字符串。
“/MyApplication”应用程序中的服务器错误。
要解密的数据长度无效。
描述:执行当前 Web 请求期间发生未处理的异常。请查看堆栈跟踪以获取有关错误及其在代码中的来源的更多信息。
异常详细信息:System.Security.Cryptography.CryptographicException:要解密的数据长度无效。
源错误:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
< br>
堆栈跟踪:
版本信息: Microsoft .NET Framework 版本:2.0.50727.5653; ASP.NET版本:2.0.50727.4444
在 Windows 事件日志中,您可能会看到以下错误:
Event Type: Warning Event Source: ASP.NET 2.0.50727.0 Event Category: Web Event Event ID: 1309 Date: 5/23/2011 Time: 3:31:13 PM User: N/A Computer: MYHOST Description: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 5/23/2011 3:31:13 PM Event time (UTC): 5/23/2011 7:31:13 AM Event ID: a66bd05b39c34da6bc3bfd349aefdf24 Event sequence: 71 Event occurrence: 21 Event detail code: 0 Application information: Application domain: /LM/W3SVC/98/Root/MyApplication... Trust level: Full Application Virtual Path: /MyApplication Application Path: d:\inetpub\mysite\MyApplication\ Machine name: MYHOST Process information: Process ID: 15328 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: CryptographicException Exception message: Length of the data to decrypt is invalid. Request information: Request URL: http://mysite/MyApplication/ScriptResource.axd?d=...&t=... Request path: /MyApplication/ScriptResource.axd User host address: 1.1.1.1 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Thread information: Thread ID: 9 Thread account name: NT AUTHORITY\NETWORK SERVICE Is impersonating: False Stack trace: at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.UI.Page.DecryptString(String s)有问题的更新是 MS10-070。即使您的主机认为它已安装,您也可能需要重新安装它以修复随后更改的库或其他内容。
此更新中值得注意的是 KB2431728 - ASP.NET 中的加密内容未解密或导致使用持久表单身份验证 cookie 或部署在网络场中的网站出现错误 - 请参阅详细信息。
...
...
Hoping to add more details on this issue, and some search terms!
The issue manifests as an ASP.Net error on requests to WebResource.axd and ScriptResource.axd such as:
http//mysite/MyApplication/WebResource.axd?d=966IInUloJ...&t=6332662...
This will cause images, scripts, stylesheets and other resources delivered this way to fail. You will notice that the 'd' parameter on the query string will differ on some of your hosts, despite having same validationKey etc... Once fixed, you can test the same querystring on all your hosts.
Server Error in '/MyApplication' Application.
Length of the data to decrypt is invalid.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: Length of the data to decrypt is invalid.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
Version Information: Microsoft .NET Framework Version:2.0.50727.5653; ASP.NET Version:2.0.50727.4444
In the windows event log you may see the error:
Event Type: Warning Event Source: ASP.NET 2.0.50727.0 Event Category: Web Event Event ID: 1309 Date: 5/23/2011 Time: 3:31:13 PM User: N/A Computer: MYHOST Description: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 5/23/2011 3:31:13 PM Event time (UTC): 5/23/2011 7:31:13 AM Event ID: a66bd05b39c34da6bc3bfd349aefdf24 Event sequence: 71 Event occurrence: 21 Event detail code: 0 Application information: Application domain: /LM/W3SVC/98/Root/MyApplication... Trust level: Full Application Virtual Path: /MyApplication Application Path: d:\inetpub\mysite\MyApplication\ Machine name: MYHOST Process information: Process ID: 15328 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: CryptographicException Exception message: Length of the data to decrypt is invalid. Request information: Request URL: http://mysite/MyApplication/ScriptResource.axd?d=...&t=... Request path: /MyApplication/ScriptResource.axd User host address: 1.1.1.1 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Thread information: Thread ID: 9 Thread account name: NT AUTHORITY\NETWORK SERVICE Is impersonating: False Stack trace: at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.UI.Page.DecryptString(String s)The update in question is MS10-070. Even if you host believes it's installed, you may need to reinstall it to fix subsequently altered libraries or something.
Of note in this update is KB2431728 - Encrypted content in ASP.NET is not decrypted or results in errors for a website that uses persisted Forms Authentication cookies or is deployed in a web farm - refer to the details.
...
...
我们有一个网络场,发现根本原因是并非所有服务器都运行相同的 Microsoft Windows 补丁级别。一旦我们将它们全部提升到相同的补丁级别,错误就消失了。
We had a web farm and found the root cause was that not all servers were running at the same Microsoft Windows patch level. Once we brought them all up to the same patch level, the errors went away.
您可能想看看这个:
http://jagbarcelo .blogspot.com/2009/08/solution-padding-invalid-cannot-be.html
请注意,我们遇到了类似的问题,并且在 web.config 中设置机器密钥部分的验证和解密属性似乎帮助,例如:
You might want a look at this:
http://jagbarcelo.blogspot.com/2009/08/solution-padding-invalid-cannot-be.html
Note that we had a similar problem and setting the validation and decryption attributes of the machine key section in the web.config seemed to help, e.g.: