Solving error in HomogenizeErrors() – "Error occurred during a cryptographic operation."

This is a real-edge case of working on the Windows platform. Beware.

Are you getting this stack trace?

“System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.”

[CryptographicException: Error occurred during a cryptographic operation.]
   System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input) +115
   System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData) +59
   System.Web.Security.MachineKey.Unprotect(ICryptoServiceProvider cryptoServiceProvider, Byte[] protectedData, String[] purposes) +62
   System.Web.Security.MachineKey.Unprotect(Byte[] protectedData, String[] purposes) +122
   System.IdentityModel.Services.MachineKeyTransform.Decode(Byte[] encoded) +51
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +123
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +575
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +76
   System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +410
   System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +187
   System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +126
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

Is it working in Internet Explorer but not in any other browser? Then this post is for you.

This assumes you have a certificate that you have installed yourself. All in PowerShell now, you should be able to find it:

$ ls cert:localmachinemy

It gives me

Thumbprint                                Subject
89866139B5D499DFD04FE413E89351A9A2B8A922  CN=INDUCTION

in my case.

But going to https://induction in FireFox crashes. Now try:

$ netsh http show sslcert

SSL Certificate bindings:
-------------------------
IP:port                      : 0.0.0.0:443
...
Certificate Store Name       : (null)
...

What you need to do in this case, is to re-register the certificate:

$ netsh http delete sslcert "ipport=0.0.0.0:443"
$ netsh http add sslcert "ipport=0.0.0.0:443" "appid={$appId}" "certhash=$tp" "certstorename=MY"

$appId is a guid, $tp is the thumbprint (found by doing ‘ls cert:localmachinemy’). The important part here is “certstorename=MY”, because without it, you might get an error in HomogenizingCryptoServiceWrapper.Unprotect – an interesting choice of name for that class for sure.

Now running:

$ netsh http show sslcert

SSL Certificate bindings:
-------------------------
IP:port                      : 0.0.0.0:443
...
Certificate Store Name       : MY

Shows the problem to be solved.

This Post Has 9 Comments

  1. Jamie

    4 Feb 2013 Reply

    Dude, bailed me out … we had the exact same problem with a ThinkTexture installation and your instructions fixed it for us.

    Thank you and keep posting!
    J

    1. Laith Abbas

      25 Sep 2014 Reply

      Jamie.. it still doesn’t work!!
      What did you do?

  3. Gianpiero

    15 Oct 2013 Reply

    For me the symptom was identical but the solution has been different.

    I followed your instruction all all was OK for me so I analysed the code finding out that the error was thrown by an auto login method trying to decrypt a cookie.

    So I patched my code trapping the exception and deleting the cookie that was no more decryptable forcing the user to insert user/pwd again.

    The error occurred after an important Microsoft update occurred in October 2013 that probably updated some decrypting algorithm.

  4. Nicholas Lydon

    13 Feb 2014 Reply

    I develop using Chrome, so when I got this exception I tried IE and it looked fine. What actually resolved it for me was just clearing the cookies in Chrome.

  5. Humberto

    14 Oct 2014 Reply

    Clearing cookies in Chrome also fixed it for me.

  6. Zain

    27 Nov 2014 Reply

    I downloaded a plugin for chrome called EditThisCookie.
    It allowed me to delete the Cookie for JUST that site.

  7. Bill Sorensen

    24 Apr 2015 Reply

    Are you sure you don’t mean ls cert:localmachine/my (note the slash)?

  8. Mei

    19 Nov 2015 Reply

    Thank you so much!!! You really help me a lot!!!

Leave a Reply

Close Menu