[英]“Error occurred during a cryptographic operation” when decrypting Forms cookie
I've uploaded my website to a webhosting and this error came up;我已将我的网站上传到虚拟主机,但出现此错误;
' Error occurred during a cryptographic operation .'. '在加密操作期间发生错误。'。
I've done some research and it seems that the formauthenticated cookie is bound to the MachineKey (which differs when using webhost).我做了一些研究,似乎经过身份验证的 cookie 绑定到 MachineKey(使用 webhost 时有所不同)。
I've found a method that should fix this problem but the error remains.我找到了一种方法可以解决这个问题,但错误仍然存在。
CODE:代码:
/// <summary>
/// This method removes a cookie if the machine key is different than the one that saved the cookie;
/// </summary>
protected void Application_Error(object sender, EventArgs e)
{
var error = Server.GetLastError();
var cryptoEx = error as CryptographicException;
if (cryptoEx != null)
{
FederatedAuthentication.WSFederationAuthenticationModule.SignOut();
Global.Cookies.FormAuthenticated Cookie = new Global.Cookies.FormAuthenticated();
Cookie.Delete();
Server.ClearError();
}
}
STACKTRACE:堆栈跟踪:
[CryptographicException: Error occurred during a cryptographic operation.]
System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input) +115
System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData) +59
System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket) +9824926
Archive_Template.Main.resolveLoginUser(String sessionKey) in f:\Archive_Template\Archive_Template\Main.aspx.cs:481
Archive_Template.Main.OnPreInit(EventArgs e) in f:\Archive_Template\Archive_Template\Main.aspx.cs:52
System.Web.UI.Page.PerformPreInit() +31
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +335
对于尚未解决问题的任何人,我在 web.config 中缺少用于加密/解密的“machineKey”条目
I faced the same problem.我遇到了同样的问题。 I just cleared all of browser's cookies and cache data and it got fixed.I hope it will work for you too.
我刚刚清除了所有浏览器的 cookie和缓存数据,它得到了修复。我希望它也对你有用。
If you are using forms auth.如果您使用表单身份验证。 you can signout when you catch the exception and allow your users to login and create a valid cookie
您可以在捕获异常时注销并允许您的用户登录并创建有效的 cookie
catch (CryptographicException cex)
{
FormsAuthentication.SignOut();
}
This is due to the machine key is missing, which is used as a symmetric key to do the encryption and decryption.这是由于缺少机器密钥,它被用作对称密钥来进行加密和解密。
To set the machine in the IIS;在IIS中设置机器;
Go to your application -> Machine Keys -> Generate Keys
转到您的应用程序 -> 机器密钥 -> 生成密钥
我也有这个,我从数据库中删除了 UserTokenCaches 表条目。
另一种选择是从浏览器设置中清除 cookie,这允许存储新的 cookie。
I have also experienced this when developing a new solution and running the website on localhost.我在开发新解决方案并在本地主机上运行网站时也遇到过这种情况。 Setting the machinekey made no difference, but simply deleting all the cookies for localhost solved the problem.
设置 machinekey 没有任何区别,但只需删除 localhost 的所有 cookie 即可解决问题。
I ran into this problem when I tried to take a forms authentication cookie created by an ASP.NET 2.0 app and decrypt it inside an .NET4.5 Web API project.当我尝试获取由 ASP.NET 2.0 应用程序创建的表单身份验证 cookie 并在 .NET4.5 Web API 项目中对其进行解密时,我遇到了这个问题。 The solution was to add an attribute called "compatibilityMode" to the "machineKey" node inside my web api's web.config file:
解决方案是在我的 web api 的 web.config 文件中的“machineKey”节点中添加一个名为“compatibilityMode”的属性:
<machineKey
...
compatibilityMode="Framework20SP2"/>
Documentation: https://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx文档: https : //msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx
And from the doc, here are the allowed values for that attribute:从文档中,这里是该属性的允许值:
protected void Application_Error(object sender_, CommandEventArgs e_)
{
Exception exception = Server.GetLastError();
if(exception is CryptographicException)
{
FormsAuthentication.SignOut();
}
}
in your Global.asax.cs, from Catching errors in Global.asax , as long as you use Forms authentication (login/password).在您的 Global.asax.cs 中,从捕获 Global.asax 中的错误,只要您使用表单身份验证(登录名/密码)。 Worked for me.
为我工作。
If you receive this error when implementing single sign on (as described here http://www.alexboyang.com/2014/05/28/sso-for-asp-net-mvc4-and-mvc5-web-apps-shared-the-same-domain/ ), make sure to have the same target framework across all projects.如果您在实现单点登录时收到此错误(如此处所述http://www.alexboyang.com/2014/05/28/sso-for-asp-net-mvc4-and-mvc5-web-apps-shared- the-same-domain/ ),确保所有项目都具有相同的目标框架。 I had one project with .NET 4.0 and the other on .NET 4.5.2.
我有一个使用 .NET 4.0 的项目,另一个使用 .NET 4.5.2。
Changing the first one to 4.5.2 fixed the issue for me.将第一个更改为 4.5.2 为我解决了这个问题。
I was getting crypto errors when validating the AntiForgery token.我在验证 AntiForgery 令牌时遇到加密错误。
I believe it was because I had just made some security control configuration changes to my server to configure application recycling to recycle when Virtual Memory limits hit 1,000,000 Kilobytes.我相信这是因为我刚刚对我的服务器进行了一些安全控制配置更改,以将应用程序回收配置为在虚拟内存限制达到 1,000,000 KB 时进行回收。
This was definitely way too little for virtual memory recycling.这对于虚拟内存回收来说绝对是太少了。 Private memory usage can be set to 1,000,000 KB, but virtual memory should be given a lot more space.
私有内存使用量可以设置为 1,000,000 KB,但应该给虚拟内存更多的空间。
I noticed my application was recycling much too often.我注意到我的应用程序回收太频繁了。
I increased the Virtual Memory limit to 10,000,000 KB and those errors went away.我将虚拟内存限制增加到 10,000,000 KB,这些错误就消失了。 I believe the application pool may have been recycling as I was filling out the form.
我相信在我填写表格时应用程序池可能已经被回收。
I had the same issue: MVC 5 ASP.Net Web Application .net Framework 4.6.1我有同样的问题:MVC 5 ASP.Net Web Application .net Framework 4.6.1
Solution:解决方案:
对我来说,是<httpRuntime targetFramework="4.7.2"/>
导致了兼容性问题。我的应用程序没有在网络中的<httpRuntime targetFramework="4.7.2"/>
中使用 targetFramework="4.7.2" 参数.config 而 webApi 正在使用<httpRuntime targetFramework="4.7.2"/>
从 WebApi 中删除参数或在应用程序中添加参数就可以了。
I had this problem when somebody decided to change the encryption algorithm to DES (a very old standard of encryption).当有人决定将加密算法更改为 DES(一种非常古老的加密标准)时,我遇到了这个问题。 Moving it back to AES (a more modern encryption standard) cleared the error.
将其移回 AES(一种更现代的加密标准)清除了错误。
Might have been something to do with Group Policy disabling DES...可能与禁用 DES 的组策略有关...
The encryption algorithm is hidden in the Machine Key section (with IIS).加密算法隐藏在机器密钥部分(使用 IIS)。 There's probably a way of setting it in the web.config also.
也可能有一种在 web.config 中设置它的方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.