19
votes

I got this exception when I try get my home page on ASP.NET MVC application.

[CryptographicException: Error occurred during a cryptographic operation.]
System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input) +246
System.IdentityModel.Services.MachineKeyTransform.Decode(Byte[] encoded) +191
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +173
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +756
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +100
System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +1164
System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +287
System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +231
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

From what I understand something get wrong in the cookie for SessionAuthenticationModule. If you clear the cookies (as stated already here Federated Authentication on Azure) it works. What I would like is to understand what is going on, how to catche the exceptions and fix the issue.

2
How do you issue cookies?Wiktor Zychla
Is your app on Azure?Simon Halsey
@WiktorZychla: They were from a previous build and cached in my browserDave
@SimonHalsey: Yes they will be but for now they are run locally with the compute emulator, iis express, ...Dave
Sounds like a duplicate of this then stackoverflow.com/questions/14119965/…Wiktor Zychla

2 Answers

16
votes

The cookie, when issued, contains security token encrypted using the current machineKey. When the cookie from the previous build is sent back to server, SAM (more precisely the token handler) tries to decrypt it using the new value of machineKey which causes the error. Check my answer in the related post (Federated Authentication on Azure) to mitigate the error. HTH

4
votes

I faced the same problem. I just cleared all of browser's cookies and cache data and it got fixed.