[Mono-bugs] [Bug 538406] New: Bad PKCS7 padding exception is thrown when trying to login or recover password under ASP.NET using encrypted passwords and AspSQLProvider.
bugzilla_noreply at novell.com
Fri Sep 11 10:06:29 EDT 2009
http://bugzilla.novell.com/show_bug.cgi?id=538406
Summary: Bad PKCS7 padding exception is thrown when trying to login or recover password under ASP.NET using encrypted passwords and AspSQLProvider.
Classification: Mono
Product: Mono: Class Libraries
Version: 2.4.x
Platform: i686
OS/Version: Linux
Status: NEW
Severity: Major
Priority: P5 - None
Component: Mono.Security
AssignedTo: spouliot at novell.com
ReportedBy: piotr.walat at gmail.com
QAContact: mono-bugs at lists.ximian.com
Found By: ---
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090813 Gentoo Firefox/3.5.2
When using the Nauckit PostgreSQL membership provider for ASP.NET
(http://dev.nauck-it.de/aspsqlprovider/) with passwordFormat set to "Encrypted",
whenever you try to log in or recover a password you get the following exception:
System.Security.Cryptography.CryptographicException: Bad PKCS7 padding. Invalid
length XXX.
The accounts and passwords can be created and inserted into the db without
problems. The same setup under MS.NET works fine. I've tried multiple encryption
keys (generated by the code shown here: http://support.microsoft.com/kb/312906,
both the MS.NET and the Mono-compiled version of the generation tool) with no success.
Reproducible: Always
Steps to Reproduce:
1. Create a new ASP.NET MVC (or ASP.NET WebForms) application
2. Download aspsqlprovider (http://dev.nauck-it.de/aspsqlprovider)
3. Configure web.config for aspsqlprovider: add connection string (pgsql),
configure providers (http://dev.nauck-it.de/aspsqlprovider/wiki/Configuration).
Make sure the following properties of the provider are set:
enablePasswordRetrieval="true" requiresQuestionAndAnswer="false"
passwordFormat="Encrypted"
4. Create the database with the proper sql schema (script available in the aspsqlprovider
package)
5. In Global.asax's Application_Start method add the following code:
    // Requires "using System.Web.Security;" at the top of Global.asax.cs
    const string adminRoleName = "su";
    const string adminUserName = "su";
    const string adminPassword = "test123";

    // Create the "su" role if it does not exist yet
    if (!Roles.RoleExists(adminRoleName))
    {
        Roles.CreateRole(adminRoleName);
    }
    // Create the "su" user; the provider stores its password in the configured
    // passwordFormat ("Encrypted" here)
    if (Membership.GetUser(adminUserName) == null)
    {
        Membership.CreateUser(adminUserName, adminPassword,
            "fake@fake.fake.fake.info");
    }
    // Put the user into the role
    if (!Roles.IsUserInRole(adminUserName, adminRoleName))
    {
        Roles.AddUserToRole(adminUserName, adminRoleName);
    }
This will ensure a proper user is created on app start.
6. In your HomeController add a new action (under WebForms add similar logic
to Page_Load in Default.aspx.cs):
    // Requires "using System.Web.Mvc;" and "using System.Web.Security;"
    public ContentResult Pass()
    {
        ContentResult cr = new ContentResult();
        MembershipUser user = Membership.GetUser("su");
        // Retrieve the stored password; the provider decrypts it here, which is
        // where the Bad PKCS7 padding exception is thrown under Mono
        string password = Membership.Provider.GetPassword("su", "");
        cr.Content = password;
        if (String.IsNullOrEmpty(password))
            cr.Content += "empty pass";
        return cr;
    }
7. Navigate to http://yourapplication/Home/Pass to execute the password retrieval
logic.
Actual Results:
An exception is raised or "empty password" string is displayed
Expected Results:
A user's (su) password (test123) should be displayed
Sample keypair:
<machineKey
validationKey="1C1954DE3B4EFC9A5B0BC70934E7629CF4F5F7F2DC4D5B80117A3633A5B8F14DC55E8838119F800468A0750CB9392FFA1B0DE9751507AAD44ADEC54A68BEF6FF"
decryptionKey="7E71DB4347B52C3B120A7309F9EBA6B375B852A6C7343AE6"
validation="SHA1"/>
Sample credentials:
username: su
pass: test123
encrypted password stored in database (Password column):
lCLiXzaxzn5iyHn1gQjjRQ==
stack trace:
System.Security.Cryptography.CryptographicException: Bad PKCS7 padding. Invalid
length 19.
at Mono.Security.Cryptography.SymmetricTransform.ThrowBadPaddingException
(System.Security.Cryptography.PaddingMode,int,int) [0x0005c] in
/var/tmp/portage/dev-lang/mono-2.4.2.3/work/mono-2.4.2.3/mcs/class/corlib/Mono.Security.Cryptography/SymmetricTransform.cs:363
at Mono.Security.Cryptography.SymmetricTransform.FinalDecrypt (byte[],int,int)
[0x001a3] in
/var/tmp/portage/dev-lang/mono-2.4.2.3/work/mono-2.4.2.3/mcs/class/corlib/Mono.Security.Cryptography/SymmetricTransform.cs:515
at Mono.Security.Cryptography.SymmetricTransform.TransformFinalBlock
(byte[],int,int) [0x00034] in
/var/tmp/portage/dev-lang/mono-2.4.2.3/work/mono-2.4.2.3/mcs/class/corlib/Mono.Security.Cryptography/SymmetricTransform.cs:554
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock
(byte[],int,int) [0x00000] in
/var/tmp/portage/dev-lang/mono-2.4.2.3/work/mono-2.4.2.3/mcs/class/corlib/System.Security.Cryptography/RijndaelManagedTransform.cs:94
at System.Web.Security.MembershipProvider.DecryptPassword (byte[]) [0x00017] in
/var/tmp/portage/dev-lang/mono-2.4.2.3/work/mono-2.4.2.3/mcs/class/System.Web/System.Web.Security/MembershipProvider.cs:123
at NauckIT.PostgreSQLProvider.PgMembershipProvider.UnEncodePassword (string)
[0x00025] in
/home/pwalat/Projects/enctest/AspSQLProvider/src/NauckIT.PostgreSQLProvider/PgMembershipProvider.cs:1429
at NauckIT.PostgreSQLProvider.PgMembershipProvider.GetPassword (string,string)
[0x00159] in
/home/pwalat/Projects/enctest/AspSQLProvider/src/NauckIT.PostgreSQLProvider/PgMembershipProvider.cs:802
Using a different password, testpass, didn't generate the aforementioned exception, but
resulted in the GetPassword() method returning null or an empty string
(String.IsNullOrEmpty()==true).
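As an added illustration (not part of the bug report or of Mono/AspSQLProvider code), the Python below implements the PKCS7 pad/unpad rule the exception refers to and makes two things in the report concrete: the stored ciphertext lCLiXzaxzn5iyHn1gQjjRQ== decodes to exactly one 16-byte Rijndael block, and a final decrypted byte of 19 can never be valid padding for a 16-byte block, so the block is rejected before any plaintext is returned. It assumes the number in Mono's message is the value of the last decrypted byte; the sample blocks are constructed, not real decryptions.

```python
import base64

BLOCK_SIZE = 16  # Rijndael/AES block size used by MembershipProvider.DecryptPassword


class BadPaddingError(ValueError):
    """Raised with the same wording as Mono's CryptographicException."""


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes of value n (1 <= n <= block_size) to reach a whole block."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strict check: input is block-aligned, last byte n is in 1..block_size,
    and the final n bytes all equal n. Anything else is rejected."""
    if not data or len(data) % block_size:
        raise BadPaddingError("Bad PKCS7 padding. Invalid length %d." % len(data))
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        raise BadPaddingError("Bad PKCS7 padding. Invalid length %d." % n)
    return data[:-n]


def describe_ciphertext(b64: str, block_size: int = BLOCK_SIZE) -> dict:
    """Size of the stored Password column value in bytes and whole blocks."""
    ct = base64.b64decode(b64)
    return {"bytes": len(ct), "blocks": len(ct) // block_size,
            "aligned": len(ct) % block_size == 0}


def decode_password_block(plain_block: bytes) -> str:
    """What a provider sees after decryption: the password, or the rejection reason."""
    try:
        return pkcs7_unpad(plain_block).decode("utf-8")
    except BadPaddingError as e:
        return "error: " + str(e)


# Constructed sample blocks (hypothetical, not derived from the report's key):
GOOD_BLOCK = pkcs7_pad(b"test123")        # b"test123" + 9 * b"\x09", one full block
BAD_BLOCK = b"\x00" * 15 + bytes([19])    # trailing 19 > 16 -> "Invalid length 19"
EMPTY_BLOCK = bytes([16]) * 16            # a block that is all padding unpads to ""

if __name__ == "__main__":
    print(describe_ciphertext("lCLiXzaxzn5iyHn1gQjjRQ=="))
    for blk in (GOOD_BLOCK, BAD_BLOCK, EMPTY_BLOCK):
        print(repr(decode_password_block(blk)))
```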