Microsoft KB Archive/317054

= Error When You Use 3DES Encryption with Manual Keys in Web.config file of ASP.NET Application =

Article ID: 317054

Article Last Modified on 10/11/2005

-

APPLIES TO


 * Microsoft ASP.NET 1.0

-



This article was previously published under Q317054



SYMPTOMS
When you use the 3DES encryption type for the validation attribute of the  tag in the Web.config file for the application, if you specify a manual key for the validationKey and the decryptionKey attributes, you receive the following error message when you browse to .aspx pages on the application:

Server Error in '/WebApplication1' Application.

Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[ArgumentException: Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection.]

System.Buffer.BlockCopy(Array src, Int32 srcOffset, Array dst, Int32 dstOffset, Int32 count) +0

System.Web.Configuration.MachineKey.GetEncodedData(Byte[] buf, String strModifier, Int32 start, Int32 length) +716

System.Web.UI.LosWriter.CompleteTransforms(TextWriter output, Boolean enableMac, String macKey) +187

System.Web.UI.LosFormatter.SerializeInternal(TextWriter output, Object value) +122

System.Web.UI.Page.OnFormRender(HtmlTextWriter writer, String formUniqueID) +143

System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) +35

System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) +395

System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243

System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +72

System.Web.UI.Control.Render(HtmlTextWriter writer) +7

System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243

System.Web.UI.Page.ProcessRequestMain +1900



RESOLUTION
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft Visual Studio .NET service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:   Date        Time    Version       Size       File name       Platform -  25-Jan-2002 09:47   1.0.3705.202  1,183,744  System.Web.dll  x86



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



Steps to Reproduce the Behavior
  Create an application, and then add the following code (or similar) to the Web.config file in the root directory of the application:     

  </system.web> With this code, the Web.config file specifies the following: <ul> <li>A valid random key of size 60 for the validationKey attribute.</li> <li>A valid random key of size 48 for the decryptionKey attribute.</li> <li>A validation attribute of SHA1.</li></ul>

</li> <li>Request the Default.aspx page. Provide valid credentials (user, password), and then click Submit.</li> <li>Change the validation algorithm from SHA1 to 3DES.</li> <li>Refresh the Default.aspx page in the browser. You receive the error message that is listed in the &quot;Symptoms&quot; section.</li></ol>

Keywords: kbbug kbfix kbqfe kbweb kbconfig kbhotfixserver KB317054

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.