Our .Net 2 web apps recently started getting CryptographicExceptions from
WebResource.axd, and these almost always seem to be when the client is a
web crawler...most notably googlebot (but a few times it is a client browser
such as IE). I'm curious if anyone has some insight as to why this would
be happening, if there is a way to resolve this. If it was just a web
crawler I'd ask if we should even care.

The error is - System.Security.Cryptography.CryptographicExceptio n:
Padding is invalid and cannot be removed.

Thanks

Brad

Hello Brad,

Regarding on the CryptographicException from the ASP.NET webresource.axd, I
did find many thread discussing on this issue. Actually the problem is
usually caused by the request parameter(hashed string value) be invalid and
the webresource.axd fail to verify it.

As you mentioned the problem only occurs against some web crawler
client(like gooblebot...), have you ever found it occurs exactly when you
interactively visit any page in your ASP.NET 2.0 application or any other
user who get such error when they directly visit the pages in your
application?

If the problem is only caused when some unexpected user or web crawler
accessing your application, it is likely that they're using a cached
url(like the one in google cache) which contains a expired url string to
the webresource.axd. The querystring paramter used by webresource.axd is
encrypted by a machinekey defined by .net framework and the encrypted
string will timeout after a certain period. Therefore, if any user is
accessing the web application through those cached page(with expired
webresoruce url string), your application will certainly report exception
against this.

If this is the case, you can simply ignore these exceptions.

Please feel free to let me know if you have any further questions on this.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.