I keep getting errors like this on one of my sites. It tends to happen randomly throughout the day any for periods in the night when I would not expect users on the site.
It is always from different ip addresses
System.Web.HttpException: Invalid
viewstate. at
System.Web.UI.Page.DecryptStringWithIV(String
s, IVType ivType) at
System.Web.UI.Page.DecryptString(String
s)
or
System.Security.Cryptography.CryptographicException:
Padding is invalid and cannot be
removed. at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32
inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode
paddingMode, Boolean fLast) at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32
inputCount) at
System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier,
Int32 start, Int32 length, IVType
ivType, Boolean useValidationSymAlgo)
at
System.Web.UI.Page.DecryptStringWithIV(String
s, IVType ivType) at
System.Web.UI.Page.DecryptString(String
s)
They happen in this page:
ScriptResource.axd?d=VVe1O4rzLSI9hB5nRzBXZxUYTQz6ylDTL9djGR
The site users Ajax and runs on .NET 3.
Is this someone trying to hack into the site? Is it an error with the html on the site?
Any ideas?
Best Answer
I believe this error is caused by your ViewState being decrypted using an out-of-date ViewStateUserKey.
Removing these errors is a two-step process:
You can do this by setting it yourself (perhaps in your Page or base Page's Init event):
And no, I don't think you're being hacked.