This project is read-only.

BE error - Length of the data to decrypt is invalid

Topics: ASP.NET 2.0, Business Logic Layer, Controls, Themes
Nov 13, 2011 at 4:12 PM
Edited Nov 14, 2011 at 5:06 AM

Running BE 2.5 (Upgraded from 2.0) and am now getting the usual WEB CONFIG error MSG's on the following os/browser combinations:

Mac - Safari, Opera, Firefox

PC - IE, Opera, Safari, FireFox

This usually happens AFTER signing in successfully at least once., and then attempting to access the front page or the admin pages minutes or hours later.

However this same thing happens even when a user has never logged in as ADMIN but is simply trying to view the site.

Flushing the browser cache or manually removing BE cookies sometimes helps, but not always.


And recently I have also been getting:

Length of the data to decrypt is invalid.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: Length of the data to decrypt is invalid.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CryptographicException: Length of the data to decrypt is invalid.]
   System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +9481617
   System.Security.Cryptography.CryptoStream.FlushFinalBlock() +33
   System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType) +249
   System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket) +292
   BlogEngine.Core.Security.ContextAuthenticateRequest(Object sender, EventArgs e) in E:\Projects\BlogEngine_25_Release\BlogEngine\DotNetSlave.BusinessLogic\Security\Security.cs:61
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75


This never happened with BE 1.6, rarely with 2.0, but now almost daily with 2.5

Is anyone else getting this and is there a fix coming soon?



Nov 15, 2011 at 7:07 AM

I've not heard of this error before.  The error can probably be worked around if the code in the BE core (line 61 in Security.cs) were wrapped in a try-catch block to catch this error.

Nov 15, 2011 at 2:35 PM

Thanks for the reply.

But I am an end user, not a coder.

Is this an issue that can be addressed and fixed soon?

Or can a fix be posted in these forums so that others can cut & paste accordingly?

Nov 17, 2011 at 8:17 AM

I added the error checking I talked about into the BE core files for version 2.5.  If you download the ZIP below, it contains 3 files.  Put these 3 files into your BIN directory, replacing the ones that are there.  You should not get this error any longer.