Sitecore returns Padding is invalid and cannot be removed

This issue occurs after updating IIS with new code. Your Sitecore installation suddenly returns a CryptographicException: Padding is invalid and cannot be removed. The stack trace usually looks something like this:

[CryptographicException: Padding is invalid and cannot be removed.]
   System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) +2910
   System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +286
   System.Security.Cryptography.CryptoStream.FlushFinalBlock() +51
   System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) +318
   System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket) +290
   Sitecore.Security.Authentication.AuthenticationHelper.GetCurrentUser() +473
   Sitecore.Security.Authentication.AuthenticationHelper.GetActiveUser() +17
   Sitecore.Security.Authentication.AuthenticationProvider.GetActiveUser() +21
   Sitecore.Security.Authentication.AuthenticationManager.GetActiveUser() +39
   Sitecore.Context.get_User() +17
   Sitecore.DateUtil.ParseTimeSpan(String time) +51
   Sitecore.Configuration.Settings.GetTimeSpanSetting(String name, TimeSpan defaultValue) +106
   Sitecore.Caching.CacheManager.InitializeScavenging() +70
   Sitecore.Caching.CacheManager..cctor() +92

Several users have experienced this (read about it at Daniel Ballinger’s Blog or David Huby’s Blog). The problem is tricky because it looks like a server error but is actually local. On the same server, one user might experience the error while another doesn’t.

The problem occurs when Sitecore tries to decrypt the FormsAuthenticationTicket. Forms Authentication creates an encrypted cookie on your local machine. When you update Sitecore, a new key is used for encryption and decryption, which makes the old cookie invalid.
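The mechanism described above, as an added example that is not code from the original post: a value encrypted under one key and read back under another fails at the padding check. AES-CBC with PKCS7 padding, the random keys and the ticket string are assumptions standing in for ASP.NET's machine-key encryption; this is not the real ticket format.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class StaleTicketDemo
{
    // AES (Rijndael) in CBC mode with PKCS7 padding; assumed stand-in for the
    // machine-key encryption seen in the stack trace.
    static byte[] Transform(byte[] data, byte[] key, byte[] iv, bool encrypt)
    {
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (var t = encrypt ? aes.CreateEncryptor(key, iv) : aes.CreateDecryptor(key, iv))
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }

    static byte[] RandomBytes(int count)
    {
        var buffer = new byte[count];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buffer);
        return buffer;
    }

    // Returns what the server would see when it reads the cookie with the given key.
    static string TryRead(byte[] cookie, byte[] key, byte[] iv)
    {
        try
        {
            return "decrypted: " + Encoding.UTF8.GetString(Transform(cookie, key, iv, false));
        }
        catch (CryptographicException ex)
        {
            return "rejected: " + ex.Message;
        }
    }

    static void Main()
    {
        byte[] iv = RandomBytes(16);
        byte[] keyBefore = RandomBytes(32);  // key in use when the user logged in
        byte[] keyAfter = RandomBytes(32);   // key in use after the update
        // Constructed sample ticket contents, not a real FormsAuthenticationTicket.
        byte[] cookie = Transform(Encoding.UTF8.GetBytes("sitecore\\admin;constructed-ticket"), keyBefore, iv, true);

        Console.WriteLine("same key -> " + TryRead(cookie, keyBefore, iv));
        // Wrong key: almost always "Padding is invalid and cannot be removed."; roughly 1 time
        // in 256 the garbage ends in valid padding and unreadable bytes come back instead.
        Console.WriteLine("new key  -> " + TryRead(cookie, keyAfter, iv));
    }
}
```

The second line of output shows why only users holding a cookie issued before the update see the error, while users who log in afterwards do not.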

Several solutions have been found to the problem:

  1. Clear your browser cookies. Close the browser and re-open it.
  2. Restart the web site's Application Pool.

If this does not help, you could try extending the global.asax with the following:

using System.Security.Cryptography;

public void Application_Start()
{
  // Keep RSA/DSA keys in the machine key store rather than the user profile store
  RSACryptoServiceProvider.UseMachineKeyStore = true;
  DSACryptoServiceProvider.UseMachineKeyStore = true;
}

About briancaos

Developer at Pentia A/S since 2003. Have developed Web Applications using Sitecore Since Sitecore 4.1.
This entry was posted in Sitecore 6.

3 Responses to Sitecore returns Padding is invalid and cannot be removed

  1. Alex says:

    How about front-end users? Do they also have to clear their cookies?
    Does this error appear if you use predefined machine/decryption keys?

  2. briancaos says:

    It’s both front end and back end users that are affected.
    I haven’t tried to use predefined keys myself, but it would make sense if it worked.

  3. Scott says:

    Another solution that has worked for us is to change the cookie name for the authentication ticket in the web.config.
