Solving error in HomogenizeErrors() – "Error occurred during a cryptographic operation."

This is a real edge case of working on the Windows platform. Beware.

Are you getting this stack trace?

“System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.”

[CryptographicException: Error occurred during a cryptographic operation.]
   System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input) +115
   System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData) +59
   System.Web.Security.MachineKey.Unprotect(ICryptoServiceProvider cryptoServiceProvider, Byte[] protectedData, String[] purposes) +62
   System.Web.Security.MachineKey.Unprotect(Byte[] protectedData, String[] purposes) +122
   System.IdentityModel.Services.MachineKeyTransform.Decode(Byte[] encoded) +51
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +123
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +575
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +76
   System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +410
   System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +187
   System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +126
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

Is it working in Internet Explorer but not in any other browser? Then this post is for you.

This assumes you have a certificate that you have installed yourself. Everything below is run in PowerShell. You should be able to find the certificate:

$ ls cert:\localmachine\my

It gives me

Thumbprint                                Subject
89866139B5D499DFD04FE413E89351A9A2B8A922  CN=INDUCTION

in my case.

But going to https://induction in Firefox crashes. Now try:

$ netsh http show sslcert

SSL Certificate bindings:
-------------------------
IP:port                      : 0.0.0.0:443
...
Certificate Store Name       : (null)
...

What you need to do in this case is re-register the certificate:

$ netsh http delete sslcert "ipport=0.0.0.0:443"
$ netsh http add sslcert "ipport=0.0.0.0:443" "appid={$appId}" "certhash=$tp" "certstorename=MY"

$appId is a GUID, $tp is the thumbprint (found by doing ‘ls cert:\localmachine\my’). The important part here is “certstorename=MY”, because without it, you might get an error in HomogenizingCryptoServiceWrapper.Unprotect – an interesting choice of name for that class for sure.

Now running:

$ netsh http show sslcert

SSL Certificate bindings:
-------------------------
IP:port                      : 0.0.0.0:443
...
Certificate Store Name       : MY

The Certificate Store Name is now MY, which shows that the problem is solved.
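
The check and the re-registration above can be scripted. This is an added example, not code from the original post: it parses `netsh http show sslcert` output, reports bindings whose Certificate Store Name is (null), and shows the matching re-register commands. The function name ConvertFrom-SslCertText and the sample text are constructed for illustration, and the field labels assume English-language netsh output.

```powershell
# Parse the text printed by 'netsh http show sslcert' into one object per binding.
function ConvertFrom-SslCertText {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        # Field lines look like "    Name   : value"; headings and "..." do not match.
        if ($line -notmatch '^\s*(?<name>.+?)\s+:\s+(?<value>.*)$') { continue }
        $name = $Matches['name']; $value = $Matches['value'].Trim()
        switch ($name) {
            'IP:port' {   # first field of every binding: emit the previous one
                if ($current) { [pscustomobject]$current }
                $current = [ordered]@{ IpPort = $value; Hash = $null; AppId = $null; Store = $null }
            }
            'Certificate Hash'       { if ($current) { $current.Hash  = $value } }
            'Application ID'         { if ($current) { $current.AppId = $value } }
            'Certificate Store Name' { if ($current) { $current.Store = $value } }
        }
    }
    if ($current) { [pscustomobject]$current }
}

# Constructed sample in the shape netsh prints. On a real host use:
#   $text = netsh http show sslcert
$text = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : (null)

    IP:port                      : 0.0.0.0:8443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {11111111-1111-1111-1111-111111111111}
    Certificate Store Name       : MY
'@ -split "`r?`n"

$broken = ConvertFrom-SslCertText $text | Where-Object { $_.Store -eq '(null)' }
foreach ($b in $broken) {
    # Only re-register a hash that really is in LocalMachine\My.
    $inStore = Test-Path "Cert:\LocalMachine\My\$($b.Hash)"
    "{0}: no store name; certificate {1} present in LocalMachine\My: {2}" -f $b.IpPort, $b.Hash, $inStore
    # Re-register as in the post (elevated prompt; uncomment to apply):
    # netsh http delete sslcert "ipport=$($b.IpPort)"
    # netsh http add sslcert "ipport=$($b.IpPort)" "appid=$($b.AppId)" "certhash=$($b.Hash)" "certstorename=MY"
}
```

With the sample text only the 0.0.0.0:443 binding is reported; the 0.0.0.0:8443 binding already names the MY store and is left alone.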

This Post Has 9 Comments

  1. Dude, bailed me out … we had the exact same problem with a ThinkTexture installation and your instructions fixed it for us.

    Thank you and keep posting!
    J

    1. Jamie.. it still doesn’t work!!
      What did you do?

  2. For me the symptom was identical but the solution has been different.

    I followed your instructions and all was OK for me, so I analysed the code, finding out that the error was thrown by an auto login method trying to decrypt a cookie.

    So I patched my code, trapping the exception and deleting the cookie that was no longer decryptable, forcing the user to insert user/pwd again.

    The error occurred after an important Microsoft update occurred in October 2013 that probably updated some decrypting algorithm.

  3. I develop using Chrome, so when I got this exception I tried IE and it looked fine. What actually resolved it for me was just clearing the cookies in Chrome.

  4. Clearing cookies in Chrome also fixed it for me.

  5. I downloaded a plugin for chrome called EditThisCookie.
    It allowed me to delete the Cookie for JUST that site.

  6. Are you sure you don’t mean ls cert:localmachine/my (note the slash)?

  7. Thank you so much!!! You really help me a lot!!!
