Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 317054 - Last Review: October 11, 2005 - Revision: 2.5
Error When You Use 3DES Encryption with Manual Keys in Web.config file of ASP.NET Application
This article was previously published under Q317054
On This Page
SYMPTOMS
When you use the 3DES encryption type for the
validation attribute of the <machineKey> tag in the Web.config file for the application, if you specify a manual key for the
validationKey and the
decryptionKey attributes, you receive the following error message when you browse to .aspx pages on the application:
Server Error in '/WebApplication1' Application.
Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[ArgumentException: Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection.]
System.Buffer.BlockCopy(Array src, Int32 srcOffset, Array dst, Int32 dstOffset, Int32 count) +0
System.Web.Configuration.MachineKey.GetEncodedData(Byte[] buf, String strModifier, Int32 start, Int32 length) +716
System.Web.UI.LosWriter.CompleteTransforms(TextWriter output, Boolean enableMac, String macKey) +187
System.Web.UI.LosFormatter.SerializeInternal(TextWriter output, Object value) +122
System.Web.UI.Page.OnFormRender(HtmlTextWriter writer, String formUniqueID) +143
System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) +35
System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) +395
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +72
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
System.Web.UI.Page.ProcessRequestMain() +1900
RESOLUTION
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft Visual Studio .NET service pack that contains this hotfix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name Platform
---------------------------------------------------------------------
25-Jan-2002 09:47 1.0.3705.202 1,183,744 System.Web.dll x86
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
Steps to Reproduce the Behavior
- Create an application, and then add the following code (or similar) to the Web.config file in the root directory of the application:
<configuration><system.web>
<authentication mode="Forms" >
<forms name=".ASPXAUTH" loginUrl = "login.aspx" protection="All" >
<credentials passwordFormat = "Clear">
<user name="user" password="password" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
<machineKey
validationKey="A29D235A751E2BF8209E351E49D50C5DDFE375614A155AC20A929B462D82"
decryptionKey="F65F0153624D903A3481220D07EA1D3A375C3053CC5A6363"
validation="SHA1"/>
</system.web>
</configuration>
- A valid random key of size 60 for the validationKey attribute.
- A valid random key of size 48 for the decryptionKey attribute.
- A validation attribute of SHA1.
- Request the Default.aspx page. Provide valid credentials (user, password), and then click Submit.
- Change the validation algorithm from SHA1 to 3DES.
- Refresh the Default.aspx page in the browser. You receive the error message that is listed in the "Symptoms" section.
| kbhotfixserver kbqfe kbbug kbconfig kbfix kbqfe kbweb KB317054 |
Retired KB Content DisclaimerThis article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please