NetworkCredential error in ASP.NET

Question

I am trying to access a webpage through ASP.NET using the NetworkCredential class. However I keep getting an exception with the following message System.Security.Cryptography.CryptographicException: The handle is invalid

Below is my code on how I am trying to call the function. Any help is greatly appreciated.

C#:

System.Net.WebClient client = new System.Net.WebClient();
client.Credentials = new System.Net.NetworkCredential("Admin", "Nimda");

Stack Trace

[CryptographicException: The handle is invalid.
]

System.Security.SecureString.ProtectMemory() +154
   System.Security.SecureString.InitializeSecureString(Char* value, Int32 length) +170
   System.Security.SecureString..ctor(Char* value, Int32 length) +65
   System.Net.SecureStringHelper.CreateSecureString(String plainString) +6181188
   System.Net.NetworkCredential..ctor(String userName, String password) +64

Just to be clear, is it the client.Credentials = line that throws the exception or something else ? — Russ Clarke, May 10 '11 at 13:04
Interesting; are you using a certificate store, or have anything cryptographic configured ? — Russ Clarke, May 10 '11 at 13:08
Nothing of the like. I am just trying to access a webpage that requires user credentials. — Seb, May 10 '11 at 13:11
This is being developed on a Windows 7 machine with .NET 4 in Visual Studio 2010. — Seb, May 10 '11 at 13:16

score 5 · Answer 1 · answered Sep 28 '11 at 05:21

5

I've just hit this same problem. I was happening locally under the ASP.NET Development Server in VS 2010. When I executed the app under my Windows 7 / IIS 7, it worked just fine. Hope this helps!

answered Sep 28 '11 at 05:21

BNebula

61
1
2

3

For me, I stopped the development server and restarted the debugger (which also restarts the development server) in VS 2010, then it worked fine. – Finster Mar 12 '12 at 20:19

score 4 · Accepted Answer · answered May 10 '11 at 13:27

4

Ok this is a bit awkward - I've had a look and the error is down to your windows configuration .... somewhere.

The part of the code that's throwing an Exception is actually an interop call to a function in advapi32.dll, specifically:

int status = Win32Native.SystemFunction040(this.m_buffer, (uint) (this.m_buffer.Length * 2), 0);
if (status < 0)
{
    throw new CryptographicException(Win32Native.LsaNtStatusToWinError(status));
}
this.m_encrypted = true;

Calls:

[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success), DllImport("advapi32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
internal static extern int SystemFunction040([In, Out] SafeBSTRHandle pDataIn, [In] uint cbDataIn, [In] uint dwFlags);

That's returning an error code, causing your exception.

If you're in a workplace, you might want to talk with your sysadmin/network guys to see if there's anything in your local policies that might cause a failure. Otherwise, I'd see what happens if you disable your Anti-virus/disable firewall/turn of any 3rd party proxy software.

Basically, anything that overrides default network functionality. Also, might be worth checking you have all the latest windows updates and that you dont have any virus or malware infection.

Sorry I can't be more specific, but I don't believe this is a .Net/programming error.

answered May 10 '11 at 13:27

Russ Clarke

17,511
4
41
45

What's weird is that we have a standalone program running .NET 3.5 that is done in VB. What we are trying to do is incorporate that standalone program into our website so that it is more accessible to others. Unless I am missing a reference to something I don't see how two similar functions and the way that it is written could differ on the same machine. – Seb May 10 '11 at 13:32
1

ahh hang on, the flag 0, tells this method to encrypt the specified memory in the same process. If your VB is working, it's likely not running the same credentials as your ASP.Net website. Things to check are that the account ASP.Net is using has appropriate access, and that both your application pool and the virtual directory are running the same credentials. Also, are you using impersonation or anything ? – Russ Clarke May 10 '11 at 13:49
Nothing is being done to request the other page in where the credentials are being used. As seen in the above code I create the WebClient and create the NetworkCredential variable. It doesn't go any further then that. Is there something I need to do to prepare the WebClient to allow for the NetworkCredential or vice-versa? – Seb May 10 '11 at 13:55
Yup, what I'm suggesting isn't the credentials that you're specifying in your Credential object, but rather the credentials that the code is running under. If your VB executable is working fine, it's very likely not going to be running under the same credentials as your ASP.Net website. You might be able to tests this by running this code as a power-shell script. – Russ Clarke May 10 '11 at 13:59
So you are recommending that I write a power-shell script and pass in the information that I need into the script from the ASP.NET page? – Seb May 10 '11 at 14:05
I'm just writing a sample for you; you can use Powershell to instantiate a webclient and network credential object to see if you get the same error outside of asp.net, or you could try a quick C# console app. – Russ Clarke May 10 '11 at 14:06
I just ran a basic C# console application so that I can just directly port my code over and it worked perfectly. – Seb May 10 '11 at 14:15

score 0 · Answer 3 · answered May 10 '11 at 14:08

This should work in a standard powershell console:

Add-Type -AssemblyName System.Net
$client = New-Object System.Net.WebClient
$netc = New-Object System.Net.NetworkCredential("Admin", "Nimda")
$client.Credentials = $netc

Will be interesting to see if this generates the same invalid handle error.

Edit: Apologies, there was a typo in the 2nd line.

NetworkCredential error in ASP.NET

3 Answers3

Linked