Data Protection: Exception - "The parameter is incorrect"
I receive a CryptographicException when the AntiForgeryToken is rendered in my MVC view (@Html.AntiForgeryToken). The error doesn’t appear on a colleague’s machine with identical code.
My setup is:
var cert = GetCert();
services.AddDataProtection()
    .ProtectKeysWithCertificate(cert.Thumbprint)
    .PersistKeysToRedis(redisConnection, "foo:dpikeys")
    .SetApplicationName("foo.IdentityServer");
The keys are being successfully written to Redis. I have [ValidateAntiForgeryToken] attributes on my controller actions.
Exception stack trace:
System.Security.Cryptography.CryptographicException: "The parameter is incorrect"
at System.Security.Cryptography.NCryptNative.DecryptData[T](SafeNCryptKeyHandle key, Byte[] data, T& paddingInfo, AsymmetricPaddingMode paddingMode, NCryptDecryptor`1 decryptor)
at System.Security.Cryptography.NCryptNative.DecryptDataPkcs1(SafeNCryptKeyHandle key, Byte[] data)
at System.Security.Cryptography.RSACng.Decrypt(Byte[] data, RSAEncryptionPadding padding)
at System.Security.Cryptography.RSAPKCS1KeyExchangeDeformatter.DecryptKeyExchange(Byte[] rgbIn)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.<GetLazyDescriptorDelegate>b__0()
at System.Lazy`1.CreateValue()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Lazy`1.get_Value()
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.KeyHolder.GetEncryptorInstance(Boolean& isRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.get_DefaultAuthenticatedEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(Byte[] plaintext)
at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Serialize(AntiforgeryToken token)
at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.Serialize(IAntiforgeryFeature antiforgeryFeature)
at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetAndStoreTokens(HttpContext httpContext)
at Microsoft.AspNetCore.Mvc.ViewFeatures.AntiforgeryExtensions.GetHtml(IAntiforgery antiforgery, HttpContext httpContext)
at Microsoft.AspNetCore.Mvc.ViewFeatures.DefaultHtmlGenerator.GenerateAntiforgery(ViewContext viewContext)
at Microsoft.AspNetCore.Mvc.TagHelpers.FormTagHelper.Process(TagHelperContext context, TagHelperOutput output)
at Microsoft.AspNetCore.Razor.TagHelpers.TagHelper.ProcessAsync(TagHelperContext context, TagHelperOutput output)
at Microsoft.AspNetCore.Razor.Runtime.TagHelpers.TagHelperRunner.<RunAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at AspNetCore._Views_Account_Login_cshtml.<ExecuteAsync>d__27.MoveNext() in C:\Code\foo\foo.IdentityServer\Views\Account\Login.cshtml:line 0
Issue Analytics
- State:
- Created 5 years ago
- Comments:10 (8 by maintainers)
Without steps to reproduce, there isn’t much I can do to help. The stack trace shows the error as coming from several layers below the ASP.NET stack which leads me to believe there is a problem with how the certificate was generated or there is a bug deep in the System.Security.Cryptography stack. Try creating a repro by using EncryptedXml APIs directly: https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-decrypt-xml-elements-with-x-509-certificates. That will get you closer to the source of the exception.
The problem on my colleague’s machine was that the certificate was only in the machine store, and when decrypting an XML only the user store will be searched…
I understand the statement as when using the certificate directly it will not try to load it from the store when decrypting?
https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-decrypt-xml-elements-with-x-509-certificates
When I look into the XML decryption documentation you linked, it makes it clear that the certificate must be in the user store.
I can reproduce the fact that providing the certificate directly without having it in the user store doesn’t solve anything.
What is the intended behavior when providing a certificate directly? Should it use the certificate store or not?
Maybe this method produces the wrong result, or is this the intended behavior?
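A diagnostic for the two explanations raised in this thread (a private key that cannot decrypt, and a certificate present only in the machine store), added here as an example and not taken from the issue or from ASP.NET Core. The class name and the thumbprint placeholder are assumptions; it needs C# 8 or later and, on .NET Core, the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class DataProtectionCertCheck // hypothetical name; added example
{
    static void Main(string[] args)
    {
        // Placeholder: pass the thumbprint given to ProtectKeysWithCertificate as the first argument.
        string thumbprint = args.Length > 0 ? args[0] : "<CERT-THUMBPRINT>";
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            using var store = new X509Store(StoreName.My, location);
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            Console.WriteLine($"{location}\\My: {found.Count} match(es)");
            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("  HasPrivateKey:           " + cert.HasPrivateKey);
                Console.WriteLine("  RSA PKCS#1 round trip:   " + Try(() => RsaRoundTrip(cert)));
                Console.WriteLine("  EncryptedXml round trip: " + Try(() => XmlRoundTrip(cert)));
            }
        }
    }
    static string Try(Action check)
    {
        try { check(); return "ok"; }
        catch (Exception ex) { return $"FAILED ({ex.GetType().Name}): {ex.Message}"; }
    }
    // Exercises the private key directly with the padding seen in the stack trace (RSA PKCS#1).
    static void RsaRoundTrip(X509Certificate2 cert)
    {
        byte[] sample = { 1, 2, 3, 4 }; // constructed sample data
        using RSA pub = cert.GetRSAPublicKey();
        using RSA priv = cert.GetRSAPrivateKey();
        if (pub == null || priv == null) throw new InvalidOperationException("no RSA key pair");
        priv.Decrypt(pub.Encrypt(sample, RSAEncryptionPadding.Pkcs1), RSAEncryptionPadding.Pkcs1);
    }
    // Encrypts with the certificate in hand, then lets DecryptDocument resolve the key itself.
    static void XmlRoundTrip(X509Certificate2 cert)
    {
        var doc = new XmlDocument();
        doc.LoadXml("<root><secret>constructed sample</secret></root>");
        var element = (XmlElement)doc.DocumentElement.FirstChild;
        EncryptedXml.ReplaceElement(element, new EncryptedXml(doc).Encrypt(element, cert), false);
        new EncryptedXml(doc).DecryptDocument();
    }
}
```

Run it under the same account as the web application. A match only under LocalMachine\My combined with a failing EncryptedXml round trip corresponds to the machine-store situation described in the comments above, while a failing RSA round trip points at the key or access to it.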