Print Page | Close Window

Padding is invalid and cannot be removed

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Discription: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3458
Printed Date: 13-May-2026 at 6:26am


Topic: Padding is invalid and cannot be removed
Posted By: Lemispaid
Subject: Padding is invalid and cannot be removed
Date Posted: 27-May-2012 at 8:17pm
Hi Guys,

Devforce Version : 6.1.7
Platform : Silverlight

Getting the subject error while trying to deploy a BOS to IIS 7.0. Here's the scenario;

Our silverlight app has two EntityManagers, one will be remote (stored on clients own IIS server). We have specified the following in the App.Config;

<ideablade.configuration version="6.00" xmlns="http://schemas.ideablade.com/2010/IdeaBladeConfig">
    <logging logFile="log\DebugLog7.xml" />
    <objectServer remoteBaseURL="http://localhost" serverPort="9100" serviceName="EntityService.svc">
      <serviceKeys>
        <serviceKey name="GTPAC" remoteBaseURL="http://testserver" serverPort="81" serviceName="GTPACBOS/EntityService.svc/sl" />
      </serviceKeys>
      <clientSettings isDistributed="true" />
    </objectServer>
  </ideablade.configuration>

The underlying Entity Manager is created using the following;

return new GTPACEntities(new EntityManagerContext(true, null, EntityServiceOption.UseDistributedService, null, null, serviceKey: _userContext.TenantDetails.SERVICE_KEY));

I notice that as soon as this Manager is created, it shares the same SessionKey and IPrinicpal as the main app Entity Manager (created first), this I find strange considering I don't link it to the first manager and I implement a second Login Manager on the remote BOS which doesn't seem to be resolving. The login itself seems to succeed, but as soon as I try to query the manager for an Entity, the below Padding error occurs..

The debug log on the remote BOS is as follows;

2012-05-28 12:46:29  IdeaBlade.EntityModel.Server.SessionManager:GetLoginManager Anonymous access: disabled 
2012-05-28 12:46:29  IdeaBlade.Core.Composition.CompositionHost:GetImportDefSingle CompositionContext: '-IbDefault-' - Probed for non-default 'IEntityLoginManager' and found 'GTPaC.LoginManager'. 
2012-05-28 12:46:29  IdeaBlade.Core.Composition.CompositionHost:CheckMultiExport CompositionContext: '-IbDefault-' - Probed for non-default 'IKnownTypeProvider' and found no matching exports. 
2012-05-28 12:46:29  IdeaBlade.EntityModel.Server.EntityServerHost:<AddBehaviors>b__2 Using DC serializer for EntityServer 
2012-05-28 12:46:29  IdeaBlade.EntityModel.Server.EntityServerHostFactory:CreateServiceHost EntityServer listening on http://egtpac-trial:81/GTPACBOS/EntityServer.svc 
2012-05-28 12:46:29  IdeaBlade.EntityModel.Server.EntityServerHostFactory:CreateServiceHost EntityServer listening on http://egtpac-trial:81/GTPACBOS/EntityServer.svc/sl 
2012-05-28 12:46:30  IdeaBlade.EntityModel.EntityServerProxy:GetInstance Loaded IdeaBlade.EntityModel.EntityServerProxy 
2012-05-28 12:46:30  IdeaBlade.Core.Composition.CompositionHost:GetImportDefSingle CompositionContext: '-IbDefault-' - Probed for default 'IDataSourceKeyResolver' and found 'IdeaBlade.EntityModel.DefaultDataSourceKeyResolver'. 
2012-05-28 12:46:30  IdeaBlade.EntityModel.EntityMetadataStore:LoadMetadataFromEmbeddedResources No metadata resources found in 'GTPaC.ModelDF, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' 
2012-05-28 12:46:30  IdeaBlade.Core.Composition.CompositionHost:GetImportDefSingle CompositionContext: '-IbDefault-' - Probed for any 'EntityServerErrorInterceptor' and found 'IdeaBlade.EntityModel.Server.EntityServerErrorInterceptor'. 
2012-05-28 12:46:30  IdeaBlade.EntityModel.Server.EntityServerErrorHandler:ProvideFault Caught exception: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at System.Security.Cryptography.CapiSymmetricAlgorithm.DepadBlock(Byte[] block, Int32 offset, Int32 count) at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing) at System.IO.Stream.Close() at IdeaBlade.Core.CryptoFns.AesDecrypt(String encryptedValue, Byte[] key, Boolean fipsCompliant) at IdeaBlade.EntityModel.Server.CredentialEncryptor.Decrypt(String encryptedCredential, String encryptionKey) at IdeaBlade.EntityModel.Server.SessionManager.GetPrincipalFromEncryptedCredential(SessionBundle sessionBundle) at IdeaBlade.EntityModel.Server.SessionManager.Validate(SessionBundle sessionBundle, Boolean loginIfNotInMap) at IdeaBlade.EntityModel.Server.EntityServer.Fetch(SessionBundle sessionBundle, IEntityQuerySurrogate surrogate) at SyncInvokeFetch(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) 

It should be noted, that when I deploy to my local (development) IIS server, everything works fine, however, as soon as I try to deploy to the remote IIS server, the padding error occurs.

Any help GREATLY appreciated..

Thanks
Marcus


Replies:
Posted By: DenisK
Date Posted: 29-May-2012 at 1:30pm
Hi Marcus,

This type of padding error is almost always caused by not setting the "sessionEncryptionKey" correctly if you're doing load balancing. See the following links for more details.

http://www.ideablade.com/forum/forum_posts.asp?TID=2425&title=padding-error-on-azure - http://www.ideablade.com/forum/forum_posts.asp?TID=2425&title=padding-error-on-azure

http://drc.ideablade.com/xwiki/bin/view/Documentation/deploy-iis#HObjectServer28customconfiguration29 - http://drc.ideablade.com/xwiki/bin/view/Documentation/deploy-iis#HObjectServer28customconfiguration29

I notice that as soon as this Manager is created, it shares the same SessionKey and IPrinicpal as the main app Entity Manager (created first), this I find strange considering I don't link it to the first manager

In 6.1.6, we implement a new feature that provides single sign on/sign off by default. This means that you no longer have to link EntityManagers. Every EntityManager created now uses a default shared AuthenticationContext class. You can optionally turns off this sharing by setting the Options.UseDefaultAuthenticationContext flag.

See the following 6.1.6 release notes for more details.  http://drc.ideablade.com/xwiki/bin/view/Documentation/616-release-notes - http://drc.ideablade.com/xwiki/bin/view/Documentation/616-release-notes

Posted By: Lemispaid
Date Posted: 30-May-2012 at 8:53pm
Thanks Denis, setting the flag on the second Manager seems to have fixed the issue. 

manager.Options.UseDefaultAuthenticationContext = false;

Regards
Marcus


Print Page | Close Window