New Posts New Posts RSS Feed: SessionBundle Encryption Problems
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

SessionBundle Encryption Problems
 Post Reply Post Reply
Author
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
stephenmcd1 View Drop Down
DevForce MVP
DevForce MVP


Joined: 27-Oct-2009
Location: Los Angeles, CA
Posts: 166 		Post Options Post Options   Quote stephenmcd1 Quote  Post ReplyReply Direct Link To This Post Topic: SessionBundle Encryption Problems
    Posted: 06-Jul-2010 at 6:02pm
We've started running into some CryptographicExceptions while running our app. The problem is very easy to reproduce in our code and happens when:

1. You log onto an EntityManager
2. Then, the web server restarts
3. Then, you try to access any data with the EntityManager from step 1.
4. The data access will fail with the exception at the end of this post.

I was thinking maybe you have a temporary encryption key that is stored in memory and so if the server restarts, a new encryption key gets made and so now there ends up being a mismatch of keys.  But from what I've read in the help docs, there is just a hardcoded encryption key in the DevForce code that is used.  I've also tried using a specific encryption key using the ideablade.configuration > objectServer > serverSettings > sessionEncryptionKey setting in the web.config of my server thinking that might help but that didn't seem to work (in fact, even if I looked in the debugger at a server-side EntityManager's _entityServerProxy.SessionManager.ServerSettings.SessionEncryptionKey property it always seems to be empty.)

I've run out of things to try.  Is there something I'm missing?  Here is the full exception:

Caught exception: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at System.Security.Cryptography.CapiSymmetricAlgorithm.DepadBlock(Byte[] block, Int32 offset, Int32 count) at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing) at System.IO.Stream.Close() at System.IO.Stream.Dispose() at IdeaBlade.Core.CryptoFns.AesDecrypt(String encryptedValue, Byte[] key, Boolean fipsCompliant) at IdeaBlade.EntityModel.SessionBundle.Decrypt(String encryptionKey) at IdeaBlade.EntityModel.Server.SessionManager.GetPrincipalFromEncryptedCredential(SessionBundle sessionBundle) at IdeaBlade.EntityModel.Server.SessionManager.GetPrincipal(SessionBundle sessionBundle) at IdeaBlade.EntityModel.Server.EntityServer.Fetch(SessionBundle sessionBundle, IEntityQuerySurrogate surrogate) at SyncInvokeFetch(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage41(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
Back to Top
rhaney View Drop Down
Newbie
Newbie


Joined: 06-Jul-2010
Location: Orange, CA
Posts: 12 		Post Options Post Options   Quote rhaney Quote  Post ReplyReply Direct Link To This Post Posted: 07-Jul-2010 at 5:11pm
I am experiencing the same issue, and have also tried providing a custom key.
 
Any news on a fix?
Back to Top
ting View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 27-Mar-2009
Location: San Francisco
Posts: 427 		Post Options Post Options   Quote ting Quote  Post ReplyReply Direct Link To This Post Posted: 07-Jul-2010 at 6:15pm
Your analysis is correct.  We made a change recently to randomize the encryption key (as opposed to using a default key) so that we have strong encryption turned on by default.  For formal deployments you should be generating you own key and setting it on the server, but this is currently not allowed except in the Data Center Server.  We will have a solution for this soon.
 
Back to Top
ting View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 27-Mar-2009
Location: San Francisco
Posts: 427 		Post Options Post Options   Quote ting Quote  Post ReplyReply Direct Link To This Post Posted: 21-Jul-2010 at 5:44pm

This is fixed in DevForce 6.0.4 (available tomorrow).  It will use the same encryption key across restarts (which will be seeded by the machine identity) and will also allow you to set a custom key, which you should do anyway for a formal deployment.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down