
SessionBundle Encryption Problems

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Description: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=1947
Printed Date: 21-Apr-2026 at 3:49pm


Topic: SessionBundle Encryption Problems
Posted By: stephenmcd1
Subject: SessionBundle Encryption Problems
Date Posted: 06-Jul-2010 at 6:02pm
We've started running into some CryptographicExceptions while running our app. The problem is very easy to reproduce in our code and happens when:

1. You log onto an EntityManager
2. Then, the web server restarts
3. Then, you try to access any data with the EntityManager from step 1.
4. The data access will fail with the exception at the end of this post.

I was thinking maybe you have a temporary encryption key that is stored in memory and so if the server restarts, a new encryption key gets made and so now there ends up being a mismatch of keys.  But from what I've read in the help docs, there is just a hardcoded encryption key in the DevForce code that is used.  I've also tried using a specific encryption key using the ideablade.configuration > objectServer > serverSettings > sessionEncryptionKey setting in the web.config of my server thinking that might help but that didn't seem to work (in fact, even if I looked in the debugger at a server-side EntityManager's _entityServerProxy.SessionManager.ServerSettings.SessionEncryptionKey property it always seems to be empty.)

I've run out of things to try.  Is there something I'm missing?  Here is the full exception:

Caught exception: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
   at System.Security.Cryptography.CapiSymmetricAlgorithm.DepadBlock(Byte[] block, Int32 offset, Int32 count)
   at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
   at System.IO.Stream.Close()
   at System.IO.Stream.Dispose()
   at IdeaBlade.Core.CryptoFns.AesDecrypt(String encryptedValue, Byte[] key, Boolean fipsCompliant)
   at IdeaBlade.EntityModel.SessionBundle.Decrypt(String encryptionKey)
   at IdeaBlade.EntityModel.Server.SessionManager.GetPrincipalFromEncryptedCredential(SessionBundle sessionBundle)
   at IdeaBlade.EntityModel.Server.SessionManager.GetPrincipal(SessionBundle sessionBundle)
   at IdeaBlade.EntityModel.Server.EntityServer.Fetch(SessionBundle sessionBundle, IEntityQuerySurrogate surrogate)
   at SyncInvokeFetch(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage41(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)




Replies:
Posted By: rhaney
Date Posted: 07-Jul-2010 at 5:11pm
I am experiencing the same issue, and have also tried providing a custom key.
 
Any news on a fix?


Posted By: ting
Date Posted: 07-Jul-2010 at 6:15pm
Your analysis is correct.  We made a change recently to randomize the encryption key (as opposed to using a default key) so that we have strong encryption turned on by default.  For formal deployments you should be generating your own key and setting it on the server, but this is currently not allowed except in the Data Center Server.  We will have a solution for this soon.
 


Posted By: ting
Date Posted: 21-Jul-2010 at 5:44pm

This is fixed in DevForce 6.0.4 (available tomorrow).  It will use the same encryption key across restarts (which will be seeded by the machine identity) and will also allow you to set a custom key, which you should do anyway for a formal deployment.
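The failure ting describes, reproduced as an added Go example that is not DevForce code (the real SessionBundle layout and key derivation are not on this page; the AES-CBC/PKCS#7 construction, the "session-bundle-key:" derivation label and the sessionKey helper are assumptions): a bundle sealed under a key that lives only in the server's memory cannot be opened after a restart, and the first symptom is the same "Padding is invalid" error as in the stack trace, while a key derived from a configured secret round-trips across restarts.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// encryptBundle: AES-256-CBC with PKCS#7 padding, random IV prepended; stands in for the bundle issued at login.
func encryptBundle(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, aes.BlockSize+len(padded))
	rand.Read(out[:aes.BlockSize]) // IV; crypto/rand.Read does not return an error in current Go
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// decryptBundle reverses encryptBundle; under the wrong key the last block is garbage, so the PKCS#7 check fails.
func decryptBundle(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad key size or ciphertext length")
	}
	out := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(out, ct[aes.BlockSize:])
	n := int(out[len(out)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(out[len(out)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("padding is invalid and cannot be removed")
	}
	return out[:len(out)-n], nil
}

// sessionKey (assumed helper): no configured secret = a fresh random key per process start, the pre-6.0.4 behaviour;
// a configured secret (the post's sessionEncryptionKey) derives the same key on every restart.
func sessionKey(configuredSecret string) []byte {
	if configuredSecret == "" {
		k := make([]byte, 32)
		rand.Read(k)
		return k
	}
	h := sha256.Sum256([]byte("session-bundle-key:" + configuredSecret)) // assumed derivation, not DevForce's
	return h[:]
}
```

The padding error is only the usual symptom: about one wrong-key decryption in 256 passes the PKCS#7 check and returns garbage, so a server should authenticate the bundle (for example an HMAC over the ciphertext) and reject on any failure rather than depend on this exception. A key seeded from machine identity is stable across restarts of one machine but differs between machines, so a multi-server deployment needs the explicit key the reply recommends.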



