Solving error in HomogenizeErrors() – "Error occurred during a cryptographic operation."

This is a real-edge case of working on the Windows platform. Beware.

Are you getting this stack trace?

“System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.”

[CryptographicException: Error occurred during a cryptographic operation.]
   System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input) +115
   System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData) +59
   System.Web.Security.MachineKey.Unprotect(ICryptoServiceProvider cryptoServiceProvider, Byte[] protectedData, String[] purposes) +62
   System.Web.Security.MachineKey.Unprotect(Byte[] protectedData, String[] purposes) +122
   System.IdentityModel.Services.MachineKeyTransform.Decode(Byte[] encoded) +51
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +123
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +575
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +76
   System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +410
   System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +187
   System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +126
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

Is it working in Internet Explorer but not in any other browser? Then this post is for you.

This assumes you have a certificate that you have installed yourself. All in PowerShell now, you should be able to find it:

$ ls cert:localmachinemy

It gives me

Thumbprint                                Subject
89866139B5D499DFD04FE413E89351A9A2B8A922  CN=INDUCTION

in my case.

But going to https://induction in FireFox crashes. Now try:

$ netsh http show sslcert

SSL Certificate bindings:
IP:port                      :
Certificate Store Name       : (null)

What you need to do in this case, is to re-register the certificate:

$ netsh http delete sslcert "ipport="
$ netsh http add sslcert "ipport=" "appid={$appId}" "certhash=$tp" "certstorename=MY"

$appId is a guid, $tp is the thumbprint (found by doing ‘ls cert:localmachinemy’). The important part here is “certstorename=MY”, because without it, you might get an error in HomogenizingCryptoServiceWrapper.Unprotect – an interesting choice of name for that class for sure.

Now running:

$ netsh http show sslcert

SSL Certificate bindings:
IP:port                      :
Certificate Store Name       : MY

Shows the problem to be solved.

This Post Has 9 Comments

  1. Jamie

    Dude, bailed me out … we had the exact same problem with a ThinkTexture installation and your instructions fixed it for us.

    Thank you and keep posting!

    1. Laith Abbas

      Jamie.. it still doesn’t work!!
      What did you do?

  2. Gianpiero

    For me the symptom was identical but the solution has been different.

    I followed your instruction all all was OK for me so I analysed the code finding out that the error was thrown by an auto login method trying to decrypt a cookie.

    So I patched my code trapping the exception and deleting the cookie that was no more decryptable forcing the user to insert user/pwd again.

    The error occurred after an important Microsoft update occurred in October 2013 that probably updated some decrypting algorithm.

  3. Nicholas Lydon

    I develop using Chrome, so when I got this exception I tried IE and it looked fine. What actually resolved it for me was just clearing the cookies in Chrome.

  4. Humberto

    Clearing cookies in Chrome also fixed it for me.

  5. Zain

    I downloaded a plugin for chrome called EditThisCookie.
    It allowed me to delete the Cookie for JUST that site.

  6. Bill Sorensen

    Are you sure you don’t mean ls cert:localmachine/my (note the slash)?

  7. Mei

    Thank you so much!!! You really help me a lot!!!

Leave a Reply