Safe handle has been closed
Unexpected behavior when disposing RSACryptoServiceProvider.
When you create a token following the instructions in RSACryptoServiceProvider https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=net-5.0, the token creation fails every other time.
So, the first call succeeds but the call immediately after that fails with exception:
```
System.ObjectDisposedException: Safe handle has been closed.
Object name: 'SafeHandle'.
   at System.Runtime.InteropServices.SafeHandle.DangerousAddRef(Boolean& success)
   at System.StubHelpers.StubHelpers.SafeHandleAddRef(SafeHandle pHandle, Boolean& success)
   at Interop.Advapi32.CryptCreateHash(SafeProvHandle hProv, Int32 Algid, SafeKeyHandle hKey, CryptCreateHashFlags dwFlags, SafeHashHandle& phHash)
   at Internal.NativeCrypto.CapiHelper.CreateHashHandle(SafeProvHandle hProv, Byte[] hash, Int32 calgHash)
   at Internal.NativeCrypto.CapiHelper.SignValue(SafeProvHandle hProv, SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
   at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.SignWithRsa(Byte[] bytes)
   at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Sign(Byte[] bytes)
   at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Sign(Byte[] input)
   at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateJwtSecurityTokenPrivate(String issuer, String audience, ClaimsIdentity subject, Nullable`1 notBefore, Nullable`1 expires, Nullable`1 issuedAt, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials, IDictionary`2 claimCollection, String tokenType)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateJwtSecurityToken(SecurityTokenDescriptor tokenDescriptor)
```
+ the codeline pointing to tokenHandler.CreateJwtSecurityToken
See the mini-project in here: https://github.com/Ozzian/InterestingBehaviour/blob/19df369549a21907880c2f8d4cb77b6cb37db45e/InterestingBehaviour/JWT.cs#L20
Is the intent not to dispose the RSACryptoServiceProvider during your service lifetime? What is up with this?
Issue Analytics
- Created 3 years ago
- Comments:7 (3 by maintainers)
Top GitHub Comments
@Ozzian we will investigate this. Since the RsaSecurityKey ctor is passed an RSA instance, we should not be disposing that instance. Internally we cache an AsymmetricSignatureProvider associated with the RSA instance, and that provider reuses the RSA instance after it was disposed.
andybakerbrfc is correct. All the information is there in the original post, I think, by Ozzian: “The token creation fails every other time”. This is stopping us from upgrading to v 6.x. You seem to have a state dependency in the dispose method in between calls that causes the bug, judging from the call stack and error message. But I’m on vacation now so I might remember this wrong…
I also added a link to a test project with minimal code that reveals the problem. I would suggest downloading that code. It should make it simple for you guys to find the problem I think using that test code. We can’t upgrade to v 6.x until this has been fixed.
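The maintainer's explanation above (a cached AsymmetricSignatureProvider keeps using the RSA instance it was created with) implies a lifetime rule for callers: keep the RSA object alive for as long as tokens are signed with it. The following sketch is an added example, not code from the linked mini-project or from the library; `JwtIssuer`, its members and the in-process generated key are assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Hypothetical issuer (not from the page): owns one RSA key for its whole lifetime.
public sealed class JwtIssuer : IDisposable
{
    private readonly RSA _rsa;
    private readonly SigningCredentials _credentials;
    private readonly JwtSecurityTokenHandler _handler = new JwtSecurityTokenHandler();

    public JwtIssuer(RSAParameters privateKey)
    {
        _rsa = RSA.Create();
        _rsa.ImportParameters(privateKey);
        // The library may cache a signature provider bound to this RSA object,
        // so the object must stay usable for as long as tokens are issued.
        _credentials = new SigningCredentials(
            new RsaSecurityKey(_rsa), SecurityAlgorithms.RsaSha256);
    }

    public string CreateToken(string subject)
    {
        var descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim("sub", subject) }),
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = _credentials
        };
        return _handler.WriteToken(_handler.CreateJwtSecurityToken(descriptor));
    }

    // Dispose the key once, at shutdown, not after each token.
    public void Dispose() => _rsa.Dispose();
}

public static class Program
{
    public static void Main()
    {
        using var generator = RSA.Create(2048);       // constructed throwaway key
        using var issuer = new JwtIssuer(generator.ExportParameters(true));
        Console.WriteLine(issuer.CreateToken("alice"));
        Console.WriteLine(issuer.CreateToken("bob")); // second call reuses the live key
    }
}
```

In a hosted service the issuer would be registered once (for example as a singleton) so that the key is disposed only when the process shuts down.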