Federated Authentication and "Error occurred during a cryptographic operation"

Question

I got this exception when I try get my home page on ASP.NET MVC application.

[CryptographicException: Error occurred during a cryptographic operation.]
System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input) +246
System.IdentityModel.Services.MachineKeyTransform.Decode(Byte[] encoded) +191
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +173
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +756
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +100
System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +1164
System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +287
System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +231
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

From what I understand something get wrong in the cookie for SessionAuthenticationModule. If you clear the cookies (as stated already here Federated Authentication on Azure) it works. What I would like is to understand what is going on, how to catche the exceptions and fix the issue.

@WiktorZychla: They were from a previous build and cached in my browser — Dave, Apr 05 '13 at 16:57
@SimonHalsey: Yes they will be but for now they are run locally with the compute emulator, iis express, ... — Dave, Apr 05 '13 at 16:58
Sounds like a duplicate of this then http://stackoverflow.com/questions/14119965/federated-authentication-on-azure — Wiktor Zychla, Apr 05 '13 at 17:46
@WiktorZychla: Same problem I guess but wrong solution. We can't ask everyone to clean there cache when we see this error. What I would like is to understand what is going on, how to catche the exceptions and fix the issue. — Dave, Apr 05 '13 at 18:42
Thr easiest workaround would be to change the name of the cookie in your cookie section of federation settings. This way old cookies would be discarded at the server side. — Wiktor Zychla, Apr 05 '13 at 19:47

score 17 · Answer 1 · edited May 23 '17 at 11:54

17

The cookie, when issued, contains security token encrypted using the current machineKey. When the cookie from the previous build is sent back to server, SAM (more precisely the token handler) tries to decrypt it using the new value of machineKey which causes the error. Check my answer in the related post (Federated Authentication on Azure) to mitigate the error. HTH

edited May 23 '17 at 11:54

Community

1
1

answered Apr 24 '13 at 21:46

eXavier

4,821
4
35
57

score 4 · Answer 2 · answered Jul 19 '16 at 14:39

4

I faced the same problem. I just cleared all of browser's cookies and cache data and it got fixed.

answered Jul 19 '16 at 14:39

Baqer Naqvi

6,011
3
50
68

In my case, It is fine since i fixed it. – Baqer Naqvi Aug 08 '16 at 08:24
Well, how did you fix it? – Don Rolling Aug 08 '16 at 16:12
I was logged in with old credentials, i made some chages in my authentication and that exception occured. Then I washed-out all of my browser's cache and cookies and I logged out and logged in, problem solved. – Baqer Naqvi Aug 09 '16 at 08:29
It is a quick fix, for make a solution work. This is not a full fix to the issue. – Juan Acosta Apr 28 '17 at 00:34
what is the full fix then ? @Juan Acosta – Majid khalili Oct 16 '17 at 08:10
@BaqerNaqvi so you are manually clearing the cookies each time you experience this problem? Great fix,.... – sensei Nov 15 '17 at 16:48

Federated Authentication and "Error occurred during a cryptographic operation"

2 Answers2