Reputation: 435
Key not valid for use in specified state after IISRESET
I have created a Custom STS Login Application and logging in/out functionalities were working fine. But if i login as some user and do IISRESET and then reloaded the page the below error is spitted. (But as expected it works fine after I cleared the cookies and logged in again :) )
Apppool user for STS Application is "A" and he has never windows logged into the server machine, where STS Application is deployed(he is in administrators group and has access to encryption certificates).
I tried to login once as "A" in to the server(Windows Login) and after that all of a sudden this issue is solved.
Can anyone tell why was it not working after IISRESET and working after windows logging in once?
Server Error in '/’ Application.
Key not valid for use in specified state.
[CryptographicException: Key not valid for use in specified state.]
System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded)
[InvalidOperationException: 1D1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details).
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded) +433
Microsoft.IdentityModel .Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte] cookie, Boolean outbound) +189
Microsoft. IdentityModel .Tokens. SessionSecurityTokenHandler. ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +894
Microsoft. IdentityModel .Tokens. SessionSecurityTokenHandler. ReadToken(Byte]] token, SecurityTokenResolver tokenResolver) +118
Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenrrocCookie(Byte] sessionCookie) +363
Microsoft.IdentityModel.Web. SessionAuthenticationModule.TryReadSessionTokenFroaCookie(SessionSecurityToken& sessionToken) +124
Microsoft. IdentityModel .Web. SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +61
System.Web.SyncEventExecutionstep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System. Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270
Version Information: Microsoft .NET Framework Version:4.D.30319; ASP NET Version:4.O.30319.272
Upvotes: 1
Views: 3148
Answers (1)
Reputation: 973
If you're running with the default WIF config, the keys used to secure the session tokens are handled through DPAPI and are stored in the user profile. These keys change on iisreset unless you configure IIS with "Load User Profile" as true.
If you're running on .NET 4.5 the easiest approach would be to configure machineKeys for your application and use the new MachineKeySessionSecurityTokenHandler, as documented in Wif and Web Farms.
Upvotes: 1
Related Questions
- "Error occurred during a cryptographic operation" when decrypting Forms cookie
- <machineKey decryptionKey="AutoGenerate"... being ignored by IIS. Won't invalidate previous session's cookies
- Microsoft.IdentityModel: Key not valid for use in specified state
- CookieAwareWebClient argument can't be zero
- Cookie's key stored in memory, can't switch server
- Reading cookie value : Using URL Rewrite Provider module - Unable to validate at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData
- key not valid for use in specified state
- CryptographyException with MachineKey.UnProtect and Cookies in ASP net 4.5
- Is it possible to tell IIS to treat all old cookies as expired? (CryptographicException)
- CryptographicException ID1073 error The is invalid on ASP.NET 4.0 site