port135.com - My journey with IIS, ASP.NET, and Amazon Alexa

Root Cause Analysis for CryptographicException (The data is invalid) error

March 17, 2019March 17, 2019 Ned Leave a comment

When a cookie is empty and corrupt, users may run into intermittent access issues to your website. IIS may record CryptographicException (The data is invalid) error to Event Viewer for this issue. Since the issue is intermittent, there may not be a need for immediate solution. However, a root cause analysis can provide valuable information and clues to prevent future occurrences.

Here is the key part of the error message from the Application container in Event Viewer:

Event code: 3005
Event message: An unhandled exception has occurred.
Trust level: Full
Process name: w3wp.exe
Exception type: CryptographicException
Exception message: The data is invalid.
at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)

CryptographicException (The data is invalid) error in Event Viewer

Solved: HTTP status 413 (Request Entity Too Large)

March 16, 2019March 17, 2019 Ned Leave a comment

Many web applications have pages for users to upload files. Whether or not it’s a PDF document or image file, IIS has a limit for the size of the content users can upload. If the file size exceeds this limit, the application throws “Error in HTTP request, received HTTP status 413 (Request Entity Too Large)” error.

The default upload size in IIS is 49 KB (49152 bytes). The application logs the error message below if user tries to upload a file that is bigger than the default upload size.

Error in HTTP request, received HTTP status 413 (Request Entity Too Large)

You may ask why this issue occurs for sites protected by SSL. It is because the request body must be preloaded during the SSL handshake process.

HTTP/2 SETTINGS frame bug and related registry keys

March 9, 2019March 17, 2019 Ned Leave a comment

HTTP/2 protocol improves the performance and security of today’s digital world. It consists of several frames to carry requests between clients and servers. One of these frames is SETTINGS frame which may be used by attackers to increase CPU usage to 100% in IIS and eventually make the server unresponsive (Denial of Service – DoS).

In this post, we will discuss the root cause and the solution for this bug.

What is HTTP/2 SETTINGS frame?

It is part of the HTTP/2 request which contains 6 parameters to manage communication between peers. Here is how IETF HTTP Working Group explains the usage of this frame:

The SETTINGS frame (type=0x4) conveys configuration parameters that affect how endpoints communicate, such as preferences and constraints on peer behavior. The SETTINGS frame is also used to acknowledge the receipt of those parameters.
SETTINGS in Hypertext Transfer Protocol Version 2 (HTTP/2)