An asp.net web application deployed to a remote server is returning a hundred of these errors per hour. They began when I upgraded the environment from .net 4.0 to .net 4.5. I tried further upgrading to .net 4.5.1 and even brought it back to .net 4.0 but
I cannot stop these errors occurring. The web.config has MachineKey.DecryptionKey specified, though I don't know where I got the value for the key. All the errors refer to WebResource.axd. With the orginal upgrade, I made some changes to an asp:Menu. The only
NuGet package being used is AjaxControlToolkit, which I need to keep synchronised with changes to the .net version. I'm at a total loss of what to do, and it's urgent.
Stack trace: at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType, Boolean signData)
at System.Web.UI.Page.DecryptString(String s, Purpose purpose)
at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
As stated in the original post, MachineKey is already present, has been for several years. The application is currently in .net 4.5.1. Here is the machinkey element from web.config:
The article you referred me to is beyond my experience to comprehend in detail, though I understand that there have been fundamental cryptographic changes with the release of .net 4.5 and there could be potential compatibility issues.
I added compatibilityMode="Framework20SP1" to the original machinekey element, and it made no change to the errors generated. Was your intention that I generate new machineKey and decryptionKeys in IIS7 and add compatibilityMode="Framework20SP1" as well?
If so, I've yet to try this as the environment is in production, but if I did, can I expect that in changing the IIS keys existing users will still be able to login without needing to change their passwords?
Reproduce in a new project: I have a couple of other applications running on the same server, developed in the same environment, with the same .net version, running in the same application pool in IIS, none of which are producing this error. From this, I
assume it would be difficult to reproduce.
Nothing is encrypted in web.config.
I'm reluctant to share the project because it is a commercial product.
I note you didn't answer my question regarding generating new keys, in my previous post.
The Request URL in every one of these errors is pointing to /WebResource.axd. When I view source of any page on the site, I can see the only object which calls this resource is the site menu, on every page because it's in the master page, and specifically
the <asp:Menu DynamicMenuItemStyle... element. When I upgraded to .net 4.5, I made some changes to the CSS for this menu. Maybe that has somehow caused the problem.
The application was producing about 2.5K errors of this type per day. The host addresses in the error stack revealed they were caused by web crawlers, specifically Russian Yandex bots. I setup a rule in IIS to deny access to Yandex and this fixed the problem.
The Robot.txt technique did not worrk.
None
0 Points
28 Posts
Event code: 3012 The resource identifier failed to decrypt
Dec 12, 2013 06:26 PM|rclancyr|LINK
An asp.net web application deployed to a remote server is returning a hundred of these errors per hour. They began when I upgraded the environment from .net 4.0 to .net 4.5. I tried further upgrading to .net 4.5.1 and even brought it back to .net 4.0 but I cannot stop these errors occurring. The web.config has MachineKey.DecryptionKey specified, though I don't know where I got the value for the key. All the errors refer to WebResource.axd. With the orginal upgrade, I made some changes to an asp:Menu. The only NuGet package being used is AjaxControlToolkit, which I need to keep synchronised with changes to the .net version. I'm at a total loss of what to do, and it's urgent.
Stack trace: at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType, Boolean signData)
at System.Web.UI.Page.DecryptString(String s, Purpose purpose)
at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
Robert
Participant
1100 Points
400 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 12, 2013 11:00 PM|dyyo|LINK
Please add machineKey in your configuration file(web.config)
How To: Configure MachineKey in ASP.NET 2.0
Dyyo - Microsoft Recommended ASP.NET Hosting
None
0 Points
28 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 12, 2013 11:43 PM|rclancyr|LINK
As stated in the original post, MachineKey is already present, has been for several years. The application is currently in .net 4.5.1. Here is the machinkey element from web.config:
<machineKey validationKey="287C5D125D6B7E7223E1F719E3D58D17BB967703017E1BBE28618FAC6C4501E910C7E59800B5D4C2EDD5B0ED98874A3E952D60BAF260D9D374A74C76CB741803" decryptionKey="5C1D8BD9DF3E1B4E1D01132F234266616E0D5EF772FE80AB" validation="SHA1" />
All-Star
23975 Points
4084 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 16, 2013 02:21 AM|Starain chen - MSFT|LINK
Hi rclancyr,
Please try to generate the machinekey in IIS, for more information, please refer to:
# How to Generate Machine Key in IIS7
http://www.codeproject.com/Articles/221889/How-to-Generate-Machine-Key-in-IIS7
On the other hand, for that error please refer to this link:
http://support.microsoft.com/kb/2431728/en-us
Thanks
Best Regards
None
0 Points
28 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 18, 2013 01:44 AM|rclancyr|LINK
The website didn't have any errors when it was running in .net 4.0. They started after migrating to .net 4.5.1.
I generated a new machinekey and decryptionkey in IIS7 and applied them, replacing the values in web.config.
Then I couldn't login with any user, so I restored the old values. Why did that happen?
All-Star
23975 Points
4084 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 18, 2013 04:57 AM|Starain chen - MSFT|LINK
Hi rclancyr,
Please try add compatibilityMode attribute in the machineKey section, such as:
There is a link that may benefit you:
http://blogs.msdn.com/b/webdev/archive/2012/10/23/cryptographic-improvements-in-asp-net-4-5-pt-2.aspx
Thanks
Best Regards
None
0 Points
28 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 18, 2013 06:05 PM|rclancyr|LINK
The article you referred me to is beyond my experience to comprehend in detail, though I understand that there have been fundamental cryptographic changes with the release of .net 4.5 and there could be potential compatibility issues.
I added compatibilityMode="Framework20SP1" to the original machinekey element, and it made no change to the errors generated. Was your intention that I generate new machineKey and decryptionKeys in IIS7 and add compatibilityMode="Framework20SP1" as well? If so, I've yet to try this as the environment is in production, but if I did, can I expect that in changing the IIS keys existing users will still be able to login without needing to change their passwords?
All-Star
23975 Points
4084 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 18, 2013 11:31 PM|Starain chen - MSFT|LINK
Hi rclancyr,
Could you can reproduce the scene with the new project?
If so, please provide the detail steps to us.
On the other hand, I would like to know, do you encrypted some section of web.config file?
If possible, could you share the project to me?
About share the file in the SkyDrive, please refer to:
http://windows.microsoft.com/en-us/skydrive/change-access-permissions-faq
Thanks
Best Regards
None
0 Points
28 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 19, 2013 12:40 AM|rclancyr|LINK
Reproduce in a new project: I have a couple of other applications running on the same server, developed in the same environment, with the same .net version, running in the same application pool in IIS, none of which are producing this error. From this, I assume it would be difficult to reproduce.
Nothing is encrypted in web.config.
I'm reluctant to share the project because it is a commercial product.
I note you didn't answer my question regarding generating new keys, in my previous post.
The Request URL in every one of these errors is pointing to /WebResource.axd. When I view source of any page on the site, I can see the only object which calls this resource is the site menu, on every page because it's in the master page, and specifically the <asp:Menu DynamicMenuItemStyle... element. When I upgraded to .net 4.5, I made some changes to the CSS for this menu. Maybe that has somehow caused the problem.
All-Star
23975 Points
4084 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Dec 20, 2013 02:29 AM|Starain chen - MSFT|LINK
Hi rclancyr,
Please check the logging method. In my opinion, I think you are using the machine key to encrypt the user name or password.
Thanks
Best Regards
None
0 Points
28 Posts
Re: Event code: 3012 The resource identifier failed to decrypt
Jan 08, 2014 05:33 PM|rclancyr|LINK
The application was producing about 2.5K errors of this type per day. The host addresses in the error stack revealed they were caused by web crawlers, specifically Russian Yandex bots. I setup a rule in IIS to deny access to Yandex and this fixed the problem. The Robot.txt technique did not worrk.