Hello experts,
This is kind of annoying: my web application works locally, but when I move it to IIS I get the error below.
Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
I have checked the Event Viewer and tried setting "Load User Profile" to True in the application pool settings, but nothing worked.
Your help is much appreciated.
Complete Stack Trace
Stack trace: at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.RSACryptoServiceProvider.DecryptKey(SafeKeyHandle pKeyContext, Byte[] pbEncryptedKey, Int32 cbEncryptedKey, Boolean fOAEP, ObjectHandleOnStack ohRetDecryptedKey)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
at Login.Page_Load(Object sender, EventArgs e) in E:\wwwroot\ClaimForm\Login.aspx.vb:line 136
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
The Page_Load code is below:
' Body of the login page's load handler (the stack trace names it Login.Page_Load).
' Flow: read the posted user name and the RSA-encrypted password field "crypted",
' apply a per-IP attempt counter, decrypt the password, compare its hash with the
' stored one, then either show an error row or build the session and redirect.
'
' UserHostAddress is the address of the immediate peer.
' NOTE(review): behind a reverse proxy or load balancer all clients may share one
' value, which would make the per-IP counter below act on everyone at once - confirm.
Dim ip As String = HttpContext.Current.Request.UserHostAddress
' Reset every error row; tdError doubles as the "an error occurred" flag further down.
tdError.Visible = False
trErrorUser.Visible = False
trErrorPass.Visible = False
trErrorInvalidPWD.Visible = False
trErrorDisable.Visible = False
' Helper not shown. NOTE(review): presumably publishes the RSA public key for the
' client-side encryption - confirm it matches RSAPRIVATEKEY on the IIS deployment.
LoadRSAText()
' NOTE(review): Utilities.IsNull appears to turn a missing form value into an empty
' string (the results are compared with String.Empty / "" below) - confirm.
Dim crypted As String = Utilities.IsNull(Request.Form("crypted"))
Dim user As String = Utilities.IsNull(Request.Form("txtUser"))
' Get # of login attempts
Dim counter As BotIpCounter = GetBotIPCounter(ip)
Const NUM_BAD_ATTEMPTS As Integer = 4
If counter.Counter > NUM_BAD_ATTEMPTS Then CaptchaRequired = True
'If IsPostBack Then Exit Sub
' Every request that carries a "crypted" value counts as an attempt for this IP.
If crypted <> String.Empty Then
IncrementBotIPCounter(counter)
If counter.Counter > NUM_BAD_ATTEMPTS + 2 AndAlso CaptchaRequired Then
Dim rereponse As String = Utilities.IsNull(Request.Form("g-recaptcha-response"))
'Response.Write(String.Format("<script>alert('{0}')</script>", RecaptchaCheck(ip, rechallenge, rereponse)))
Dim success As Boolean = False
Dim errorcode As String = String.Empty
' NOTE(review): the RecaptchaCheck call is commented out, so success stays False and
' errorcode stays empty. Every request that reaches this branch therefore exits with
' tdError visible and no message: the captcha stage is a hard per-IP lockout, not a
' challenge. In the code shown the counter is only cleared by ClearBotIP on a
' successful login. Restore the check before relying on this path.
Try
' RecaptchaCheck(ip, rereponse, success, errorcode)
Catch ex As Exception
' ex.Message is concatenated into markup without HTML encoding and shown to the
' client. NOTE(review): litErrorCaptcha is presumably a Literal, which renders Text
' as-is by default - prefer a fixed message and log the exception server-side.
litErrorCaptcha.Text = "<li>" & ex.Message & "</li>"
tdError.Visible = True
Exit Sub
End Try
If Not success Then
litErrorCaptcha.Text = errorcode
tdError.Visible = True
Exit Sub
End If
End If
End If
' pass is only assigned by the RSA decrypt further down.
Dim pass As String ' = Utilities.IsNull(Request.Form("password")).ToUpper
If user = "" Then
trErrorUser.Visible = True
tdError.Visible = True
'ElseIf pass = "" Then
' trErrorPass.Visible = True
' tdError.Visible = True
ElseIf Not tdError.Visible Then
Dim ds As DataSet = Nothing
' look for user entry for this user
' NOTE(review): user comes straight from the form; dbGetLogin is not shown - verify
' that it binds user and ip as query parameters.
ds = dbm.dbGetLogin(user, ip)
If ds.Tables("Table").Rows.Count = 0 Then
' invalid user... show invalid password instead
' (same message as a wrong password, so this path does not reveal whether the name exists)
trErrorInvalidPWD.Visible = True
tdError.Visible = True
Exit Sub
End If
' Continue with the user name as stored in the database row.
user = ds.Tables("Table").Rows(0)("ruuser")
'If Request.Form("crypted") IsNot Nothing Then
'Dim rsa As RSACryptoServiceProvider = DecodeRSAPrivateKey(Convert.FromBase64String(GlobalSettings.PEMPRIVATEKEY))
'Dim Parameters As RSAParameters = rsa.ExportParameters(False)
'If rsa Is Nothing Then Throw New Exception("NULL RSA")
' RSA decrypt of the posted password. This is the only Decrypt call in the code shown,
' and the posted stack trace fails inside RSACryptoServiceProvider.Decrypt/DecryptKey.
' - The decrypt runs even when crypted is empty: the earlier "crypted <> String.Empty"
'   block only guards the counter. NOTE(review): check what "crypted" actually holds on
'   the IIS deployment; a post where the client-side encryption did not run, or ran with
'   a different public key, would fail here.
' - No Try surrounds the decrypt, so malformed input becomes an unhandled error page.
'   Handle CryptographicException, log its message/HResult server-side, and answer
'   exactly as for a wrong password.
' - UseMachineKeyStore makes the provider work against the machine-level key store.
'   NOTE(review): the app-pool identity needs rights there; the trace failing in
'   DecryptKey (after FromXmlString returned) suggests the ciphertext/key pairing rather
'   than provider creation - confirm with the logged exception message.
' - RSAPRIVATEKEY is the private key as an XML string; where it is stored is not shown.
'   NOTE(review): if it ships in source or config, everyone who can read the deployment
'   holds the key.
' - The provider is IDisposable and is never disposed here; a Using block would release it.
Dim cspParams As New CspParameters
cspParams.Flags = CspProviderFlags.UseMachineKeyStore
Dim rsa As New RSACryptoServiceProvider(cspParams)
rsa.FromXmlString(RSAPRIVATEKEY)
' fOAEP = False selects PKCS#1 v1.5 padding. Keep a padding failure indistinguishable
' from any other login failure, or move both sides to OAEP.
' .ToUpper makes passwords case-insensitive, which shrinks the effective password space.
' No nonce or timestamp is checked on the decrypted value in this code, so a captured
' "crypted" field would be accepted again; this scheme does not replace HTTPS.
pass = ASCIIBytesToString(rsa.Decrypt(HexStringToByteArray(crypted.ToString()), False)).ToUpper
' Keep the next line disabled: it would write the plaintext password into the response.
'Response.Write(String.Format("<script>alert('{0}')</script>", pass))
'End If
' look for password entry for this user
If Utilities.IsNull(ds.Tables("Table").Rows(0)("rnpass")) = String.Empty Then
' no password
' No local hash yet: fetch the stored password through dbnet, decrypt it, upper-case it
' and create the local hash entry from it. The source system therefore keeps the
' password in a reversible form.
Dim newpass As String
Try
Dim encrpass As String = dbnet.dbGetPassword(user)
If encrpass Is Nothing Then
trErrorInvalidPWD.Visible = True
tdError.Visible = True
Exit Sub
End If
newpass = dbnet.dbDecryptPassword(encrpass).ToUpper
Catch ex As Exception
' as400 is down
' The exception is discarded without logging; only a generic row is shown
' (a different row during hour 21 of the server's local clock).
If Now.Hour = 21 Then
trErrorDaily.Visible = True
Else
trErrorServer.Visible = True
End If
tdError.Visible = True
Exit Sub
End Try
' create a password entry
' NOTE(review): getSHA1Hash is not shown; its name indicates SHA-1, and it receives only
' the password, so there is no per-user salt. A fast unsalted hash is weak for password
' storage - plan a migration to a salted, iterated KDF such as PBKDF2.
dbm.dbCreatePassword(user, getSHA1Hash(newpass))
' look for user entry again
ds = dbm.dbGetLogin(user, ip)
End If
Dim dr As DataRow = ds.Tables("Table").Rows(0)
' The disabled check runs before the password comparison, so the "disabled" row is shown
' to anyone who submits the name of a disabled account, whatever password they send.
If dr("rudel") = "D" Then
trErrorDisable.Visible = True
tdError.Visible = True
' Plain string inequality on the stored hash (not a constant-time comparison).
ElseIf dr("rnpass") <> getSHA1Hash(pass) Then
' wrong password
' The wrong-password count lives in Session, i.e. it follows the client's session
' cookie; a client that drops the cookie starts again at 0. A per-account counter kept
' server-side would not depend on the client.
' NOTE(review): SESSION_WRONGPASS is written both qualified and unqualified below -
' presumably the same constant; confirm.
If Session(GlobalSettings.SESSION_WRONGPASS) Is Nothing Then Session.Add(GlobalSettings.SESSION_WRONGPASS, 0)
Session(GlobalSettings.SESSION_WRONGPASS) = Math.Min(Session(GlobalSettings.SESSION_WRONGPASS) + 1, 3)
' Third wrong password in this session: reset the count, disable the account and, for
' rutype "E", send a notification mail.
If Session(SESSION_WRONGPASS) >= 3 Then
Session(SESSION_WRONGPASS) = 0
If dr("rutype") = "E" Then SendDisabledEmail(user, "Disabled User - Too many wrong password attempts: " & user)
dbm.dbDisableUser(user, GlobalSettings.DISABLEREASON_TOOMANYBADPWS)
trErrorDisable.Visible = True
End If
trErrorInvalidPWD.Visible = True
tdError.Visible = True
If dr("blocked") = "T" Then
dbnet.StartThread_StoreWebBlocked(user, ip, "BLOCKED IP & WRONG PWD")
End If
' Correct password, but the row's "blocked" column is "T": record it and disable the account.
ElseIf dr("blocked") = "T" Then
dbnet.StartThread_StoreWebBlocked(user, ip, "BLOCKED IP & LOGGED IN SUCCESS")
dbm.dbDisableUser(user, "Customer Disabled, Block IP")
'SendBlockedEmail(user, "Disabled User - BLOCKED IP: " & user)
trErrorBlocked.Visible = True
tdError.Visible = True
' Correct password, but ASP.NET did not recognise the browser: the account is disabled.
' Request.Browser is derived from the client-supplied User-Agent header, so this also
' hits legitimate users with an unrecognised agent and says little about automation.
ElseIf Request.Browser.Type = "Unknown" Then
dbm.dbDisableUser(user, "Screen scraping DO NOT ENABLE")
tdError.Visible = True
End If
' For blocked rows and unknown browsers, hide the password/disabled rows again.
If dr("blocked") = "T" OrElse Request.Browser.Type = "Unknown" Then
trErrorInvalidPWD.Visible = False
trErrorDisable.Visible = False
End If
' user/pass is correct and account is OK
If tdError.Visible = False Then
dbm.StartThread_UpdateUserLogon(user)
KillOtherSessions(user)
RemoveOldCache(Session.SessionID)
CacheSession(user)
ClearBotIP(ip)
' RemoveAll clears the session's values but keeps the same session ID.
' NOTE(review): issuing a fresh session ID at login would guard against session
' fixation - nothing here does that.
Session.RemoveAll()
Session.Add(GlobalSettings.SESSION_USER, user)
Session.Add(GlobalSettings.SESSION_USERSNAME, dr("runame"))
Session(GlobalSettings.SESSION_LOGINURL) = "Login.aspx"
'Manage Roles- 11232015
' Role is taken from the rutype column: "M" -> ADMIN, "E" -> END, anything else -> USER.
If dr("rutype").ToString() = "M" Then
Session(GlobalSettings.SESSION_ROLE) = "ADMIN"
ElseIf dr("rutype").ToString() = "E" Then
Session(GlobalSettings.SESSION_ROLE) = "END"
Else
Session(GlobalSettings.SESSION_ROLE) = "USER"
End If
Session.Add("cookiecartloaded", False)
' Logging
dbnet.StartThread_StoreWebLog(user, ip, String.Empty, 0, Request.Browser.Type)
' True ends the response at the redirect.
Response.Redirect("~/DealerLocation.aspx", True)
End If
Else
' Reached when user is non-empty but tdError is already visible.
' NOTE(review): in the code shown, every earlier path that sets tdError also exits the
' Sub, so this branch looks unreachable unless a helper changes tdError - confirm.
Session.RemoveAll()
End If