Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0


Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry

↑ Back to the top


Symptoms

After you upgrade from Microsoft ASP.NET 1.1 to Microsoft ASP.NET 2.0, some ASP.NET-based applications may not function correctly. Additionally, when you access ASP.NET Web pages that have ViewState enabled, you may receive the following error message:
[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]

System.Security.Cryptography.RijndaelManaged..ctor() +200 System.Web.Configuration.MachineKeySection.ConfigureEncryptionObject() +2088

System.Web.Configuration.MachineKeySection.EnsureConfig() +904

System.Web.Configuration.MachineKeySection.GetEncodedData(Byte[] buf, Byte[] modifier, Int32 start, Int32& length) +88

System.Web.UI.ObjectStateFormatter.Serialize(Object stateGraph) +1320

System.Web.UI.Util.SerializeWithAssert(IStateFormatter formatter, Object stateGraph) +248
System.Web.UI.HiddenFieldPageStatePersister.Save() +280

System.Web.UI.Page.SaveAllState() +6488

System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +17240

--------------------------------------------------------------------------------

Version Information: Microsoft .NET Framework Version:2.0.50606.0; ASP.NET Version:2.0.50606.0

↑ Back to the top


Cause

This problem occurs when the following conditions are true:
  • The
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicyregistry subkey is set to 1.
  • ASP.NET 2.0 uses the RijndaelManaged implementation of the AES algorithm when it processes view state data. The ReindaelManaged implementation has not been certified by the National Institute of Standards and Technology (NIST) as compliant with the Federal Information Processing Standard (FIPS). Therefore, the AES algorithm is not part of the Windows Platform FIPS validated cryptographic algorithms.

↑ Back to the top


Workaround

Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.

To work around this problem, change the configuration in the application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data. To do this, follow these steps:
  1. In a text editor such as Notepad, open the application-level Web.config file.
  2. In the Web.config file, locate the <system.web> section.
  3. Add the following <machineKey> section to in the <system.web> section:
    <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
  4. Save the Web.config file.
  5. Restart the Microsoft Internet Information Services (IIS) service. To do this, run the following command at a command prompt:
    iisreset
Important Theoretically, the 3DES algorithm is less secure than the AES (Rijndael) algorithm. We recommend that you use the AES algorithm whenever possible to help secure your system.

↑ Back to the top


More Information

Steps to reproduce the problem

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Before you can reproduce this problem, you must set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicyregistry subkey to 1 to enable the FIPS-compliant algorithms policy.

Follow these steps, and then quit Registry Editor:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
  3. On the Edit menu, click Modify.
  4. Type 1, and then press ENTER.
Note You must restart the computer for the new setting to take effect.

To reproduce the problem, follow these steps:
  1. In Visual Studio 2005, click
    New Web Site on the File menu, click ASP.NET Web Site under
    Templates, type
    DriveLetter:\Path\KB911722 in the
    Location box, and then click OK.
  2. In Solution Explorer, right-click
    Default.aspx, and then click Open.
  3. Replace the existing code with the following code.
    <%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head>
    <title>Test Page for KB911722</title>
    </head>
    <body>
    <form id="Form1" runat="server" >
    <script language="C#" runat="server" >
    public void Page_Load()
    {
    Label1.Text = "EnableViewState attribute is set to " + Page.EnableViewState.ToString();
    }
    </script>

    <asp:Label id="Label1" runat="server" Text="text"></asp:Label>
    </form>
    </body>
    </html>
  4. On the Debug menu, click Start Debugging.
You receive the error message that is mentioned in the "Symptoms" section.

For more information about the effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:

811833 The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and later versions

↑ Back to the top


Keywords: kbentirenet, kbtshoot, kbprb, kb

↑ Back to the top

Article Info
Article ID : 911722
Revision : 6
Created on : 7/18/2018
Published on : 12/19/2018
Exists online : False
Views : 1860