Return to doc.sitecore.com

Fixing Cryptographic Errors.
Prev Next

Author: Ruslan Zhovtonoga
Posted: 10/9/2009 12:00:00 PM

Exception Details: 

System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.

Stack Trace:

System.Security.Cryptography.RijndaelManagedTransform.DecryptData
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock

Problem definition and solution:
This error may occur when you browsed another web site and it stored some cookies that cannot be decrypted by the current application.
Clear your browser's cache and cookies, restart IIS and the browser to fix this exception.
In addition, check that the Load User Profile setting of app pool is set to “true”.

Please check the following articles for details:
http://blogs.iis.net/bills/archive/2006/10/18/loadUserProfile-and-IIS7-_2D00_-understanding-temporary-directory-failures.html
http://blogs.msdn.com/vijaysk/archive/2009/03/08/iis-7-tip-3-you-can-now-load-the-user-profile-of-the-application-pool-identity.html

Exception Details:

System.Security.Cryptography.CryptographicException: Access is denied.

Stack Trace:

System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException
System.Security.Cryptography.Utils._CreateCSP
System.Security.Cryptography.Utils.CreateProvHandle

or
Exception Details:

System.Security.Cryptography.CryptographicException: Keyset does not exist.

StackTrace:

System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException
System.Security.Cryptography.SafeKeyHandle._FreeHKey
System.Security.Cryptography.SafeKeyHandle.ReleaseHandle

or
Exception Details:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

Stack Trace:

System.Security.Cryptography.Utils.CreateProvHandle
System.Security.Cryptography.DSACryptoServiceProvider.ImportParameters
System.Security.Cryptography.DSA.FromXmlString

Problem definition and solution:
The application may be trying to write to the cryptographic key storage folder. More details at http://msdn.microsoft.com/en-us/library/bb204778%28VS.85%29.html.

C:\Documents and Settings\{APPLICATION POOL IDENTITY USER NAME}\Application Data\Microsoft\Crypto
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto

1. When running Sitecore CMS version prior to 6.0.2, add the following code into the ..\WebSite\global.asax file:

public void Application_Start()
{
   System.Security.Cryptography.RSACryptoServiceProvider.UseMachineKeyStore = true;
   System.Security.Cryptography.DSACryptoServiceProvider.UseMachineKeyStore = true;
}

2. Grant Modify permission to application pool user identity (typically NETWORK SERVICE) to the following folder. Make sure to replace all child object permissions. Restart IIS after granting permissions.

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto (for IIS 5 and IIS 6)
C:\Program Data\Microsoft\Crypto (for IIS 7 and later)

3. If this doesn't work, try giving the same permissions to the Everyone user.

 


Prev Next