My research lead me to think that it occurs when posting invalid viewstate data to the control, could also be caused by an expired session posting stale data.
I am getting the same issue, on a server. I also read that this occurs on web farms etc. However the site we're running is on a classic Webserver --> Dataserver combinations. However we make use of Ajax, I am not sure but I suspect it has something to do
Ajax and Viewstate. Where the user clicks on something on the page and then before waiting for the area to refresh clicks on another sections, therefore the viewstate seems to become invalid.
I suspect this issue is brought on by the fact that performance of the server seems to be very slow. We have tried everything to boost the preformance of the site, from Refactiring code, Changing of switches between servers, increasing the DSL pipe, Optimised
build and deploy scripts, but to no avail.
I have some extensive error reporting built into my app and the only 'user' that ever causes this error is the google bot.
this suggests to me that the google bot is caching the js include that starts webresource.axd?s=ekjsdje4kekjd... and when it goes back and callls it it no longer exists and so the error blows.
Yeah, the only time I have seen this error as well is when the reference to webresource.axd is out of date and invalid. I'm not sure its much to worry about unless you're seeing it ALL THE TIME.
When I had the issue, it was because a template our 3rd party search provider was using had an out of date reference to webresource.axd. I might see that error once a month or even less now.
i found a solution to the issue on Miron Abramsons blog -> http://mironabramson.com/blog/post/2007/10/New--Shiny--WebResourceaxd-compression-Module.aspx
A long read, but when you get halfway down he suggests adding a machineKey to web.config and also excluding *.axd via your robots.txt file.
you can get around the issue with just the robots.txt command but the machinekey goes the full stretch to correct the issue (amongst other things, read up on the machinekey thing if you havent already [;)] )
Hi - I think this issue is connected to several websites running under full trust on the same webserver.
We have recently had to migrate from a shared server with medium trust environment to a shared full trust environment and suddenly this error has popped up.
Seen it before a long time ago and I think the solution is to give your <asp:form /> element(s) a unique ID (it's to do with en/de cryption of viewstate I think) - most often the ID is left blank and so defaults to the _ASPsomething which will then be used
somewhere in the Viewstate encryption (or possible formsauthentication ticked encryption). Problem is that under full trust your web application is not a security boundary so IIS messes this up.
We are currently testing this and I will update this post with our findings.
ashmetry
Participant
1018 Points
279 Posts
Re: Padding is invalid and cannot be removed
Dec 04, 2007 08:25 PM|LINK
Getting the same thing on my website in test http://test.love2trade.com .
My research lead me to think that it occurs when posting invalid viewstate data to the control, could also be caused by an expired session posting stale data.
I dont know whats the work around..Anybody knows?
Web: www.love2trade.com
Blog: blog.love2trade.com
Please remember to click "Mark as Answer" on this post if it helped you.
cykophysh
Participant
783 Points
172 Posts
Re: Padding is invalid and cannot be removed
Dec 04, 2007 09:07 PM|LINK
I am getting the same issue, on a server. I also read that this occurs on web farms etc. However the site we're running is on a classic Webserver --> Dataserver combinations. However we make use of Ajax, I am not sure but I suspect it has something to do Ajax and Viewstate. Where the user clicks on something on the page and then before waiting for the area to refresh clicks on another sections, therefore the viewstate seems to become invalid.
I suspect this issue is brought on by the fact that performance of the server seems to be very slow. We have tried everything to boost the preformance of the site, from Refactiring code, Changing of switches between servers, increasing the DSL pipe, Optimised build and deploy scripts, but to no avail.
Gary Woodfine
My Website || Blog
rfurdzik
Contributor
3439 Points
1731 Posts
Re: Padding is invalid and cannot be removed
Dec 24, 2007 06:48 PM|LINK
I have just noticed getting this error again:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 12/24/2007 2:19:44 PM
Event time (UTC): 12/24/2007 7:19:44 PM
Event ID: 49495d980d884a2397e01accb9e2a781
Event sequence: 7
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1853235269/Root-1-128429974827544050
Trust level: Full
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\zikbay_new.com\
Machine name: H145104
Process information:
Process ID: 37620
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
Exception type: CryptographicException
Exception message: Padding is invalid and cannot be removed.
Request information:
Request URL: http://www.zikbay.com/WebResource.axd?d=W0HYDbfO3Bxy6Ud0nK10y4i-5cVYuXmXlcSD0hfO-A81&t=633200693056940800
Request path: /WebResource.axd
User host address: 66.249.65.71
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
Thread ID: 1
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
at System.Web.UI.Page.DecryptString(String s)
at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
For more information, see Help and Support Center at
Buy Sell Domains - DomainsHeat.com
Free ASP.NET controls: Youtube Web Control and Ajax Zoom Control
JohanNL
Participant
1644 Points
1227 Posts
Re: Padding is invalid and cannot be removed
Dec 28, 2007 01:06 PM|LINK
I'm having this error also, it seams to have to do something with FormsAuthentication and the encrypting and decrypting of the user cookie.
I have the following code:
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,txtLogonName.Text,
DateTime.Now,DateTime.Now.AddDays(30),isPersistent,
string.Empty, FormsAuthentication.FormsCookiePath); // Encrypt the ticket string encryptedTicket = FormsAuthentication.Encrypt(ticket); // Create the cookie HttpCookie cookie = new HttpCookie("UserData", encryptedTicket);cookie.Expires =
DateTime.Now.AddDays(30); cookie.Path = "/";Response.Cookies.Add(cookie);
When I delete my cookie, error is gone.
What goes wrong?
MCPD, MCSE, MCTS BizTalk 2006
==============================
Please mark the most helpful reply/replies as "Answer".
Mr Baldman
Member
31 Points
29 Posts
Re: Padding is invalid and cannot be removed
Dec 28, 2007 04:00 PM|LINK
I have some extensive error reporting built into my app and the only 'user' that ever causes this error is the google bot.
this suggests to me that the google bot is caching the js include that starts webresource.axd?s=ekjsdje4kekjd... and when it goes back and callls it it no longer exists and so the error blows.
even so, google indexes everything correctly
billr578
Member
641 Points
134 Posts
Re: Padding is invalid and cannot be removed
Dec 28, 2007 04:05 PM|LINK
Yeah, the only time I have seen this error as well is when the reference to webresource.axd is out of date and invalid. I'm not sure its much to worry about unless you're seeing it ALL THE TIME.
When I had the issue, it was because a template our 3rd party search provider was using had an out of date reference to webresource.axd. I might see that error once a month or even less now.
http://billrowell.com/
JohanNL
Participant
1644 Points
1227 Posts
Re: Padding is invalid and cannot be removed
Dec 29, 2007 07:36 AM|LINK
But my error is on the cookie, when I delete the cookie the error is gone.
My cookie is encrypted and has to decrypted, maybe it has something to do with that.
MCPD, MCSE, MCTS BizTalk 2006
==============================
Please mark the most helpful reply/replies as "Answer".
Mr Baldman
Member
31 Points
29 Posts
Re: Padding is invalid and cannot be removed
Jan 11, 2008 08:42 AM|LINK
i found a solution to the issue on Miron Abramsons blog -> http://mironabramson.com/blog/post/2007/10/New--Shiny--WebResourceaxd-compression-Module.aspx
A long read, but when you get halfway down he suggests adding a machineKey to web.config and also excluding *.axd via your robots.txt file.
you can get around the issue with just the robots.txt command but the machinekey goes the full stretch to correct the issue (amongst other things, read up on the machinekey thing if you havent already [;)] )
Geckex
Member
277 Points
61 Posts
Re: Padding is invalid and cannot be removed
Mar 27, 2008 06:38 PM|LINK
Hi - I think this issue is connected to several websites running under full trust on the same webserver.
We have recently had to migrate from a shared server with medium trust environment to a shared full trust environment and suddenly this error has popped up.
Seen it before a long time ago and I think the solution is to give your <asp:form /> element(s) a unique ID (it's to do with en/de cryption of viewstate I think) - most often the ID is left blank and so defaults to the _ASPsomething which will then be used somewhere in the Viewstate encryption (or possible formsauthentication ticked encryption). Problem is that under full trust your web application is not a security boundary so IIS messes this up.
We are currently testing this and I will update this post with our findings.
pirate_chris...
Member
2 Points
1 Post
Re: Padding is invalid and cannot be removed
May 13, 2008 04:47 PM|LINK
I have been experiencing the exact same problem across a site run across a web farm.
After reading this thread and doing a little more digging I found this MSDN article:
http://msdn.microsoft.com/en-us/library/ms998288.aspx
See the section entitled "Web Farm Deployment Considerations".
I hope that this helps.
/PirateChristoph