We're running DNN 3.3.5 on a Windows shared hosting plan, under ASP.NET 2.0. For a while the only problem we've had is that no matter what I've tried, the Remember Me checkbox doesn't work, and logins expire fairly quickly.
Recently however, we started experiencing much more serious problems: once logged in, a user gets two page visits, and is then logged out. When trying to log in again, the following error results:
Padding is invalid and cannot be removed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
Stack Trace:
[CryptographicException: Padding is invalid and cannot be removed.]
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) +1489580
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +306
System.Security.Cryptography.CryptoStream.FlushFinalBlock() +30
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo) +154
System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket) +247
DotNetNuke.HttpModules.DNNMembershipModule.OnAuthenticateRequest(Object s, EventArgs e) +514
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
|
After this, the only way to log in again is to delete the cookie, at which point the cycle starts over.
I've tried the following:
1) I've asked our ISP to increase our virtual memory on the application pool to 800MB, in case this has something to do with app pool being recycled. If our site sudenly IS using that much memory, something is REALLY wrong with DNN.
2) I've changed the machineKey in web.config to not use AutoGenerate; if I understand correctly, this should ensure that the encrypted cookies never get invalidated.
One of the things that has been baffling me is that the site was working fine for a while, then suddenly started malfunctioning; to my knowledge, no configuration changes had been made when things started going south. Is there something perhaps our hosting provider changed that might have broken DNN?
I haven't tried upgrading to a more recent version of DNN, because I'm afraid that if something goes wrong in the upgrade process it's just going to mess things up more.
Has anyone else encountered these sorts of errors? Any suggestions? I really need to fix this ASAP, or I'm going to have to abandon DNN.