Open Closed

System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. #949


User avatar
0
learnabp created

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

  • ABP Framework version: v4.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:

System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
   at Internal.Cryptography.UniversalCryptoDecryptor.GetPaddingLength(ReadOnlySpan`1 block)
   at Internal.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock(ReadOnlySpan`1 inputBuffer, Span`1 outputBuffer)
   at Internal.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at Internal.Cryptography.UniversalCryptoTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.ReadAsyncCore(Byte[] buffer, Int32 offset, Int32 count, CancellationToken cancellationToken, Boolean useAsync)
   at System.Security.Cryptography.CryptoStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at Volo.Abp.Security.Encryption.StringEncryptionService.Decrypt(String cipherText, String passPhrase, Byte[] salt)
   at Volo.Abp.Settings.SettingEncryptionService.Decrypt(SettingDefinition settingDefinition, String encryptedValue)
   at Volo.Abp.Settings.SettingProvider.GetOrNullAsync(String name)
   at Volo.Abp.Emailing.EmailSenderConfiguration.GetNotEmptySettingValueAsync(String name)
   at Volo.Abp.Emailing.Smtp.SmtpEmailSender.BuildClientAsync()
   at Volo.Abp.Emailing.Smtp.SmtpEmailSender.SendEmailAsync(MailMessage mail)
   at Volo.Abp.Emailing.EmailSenderBase.SendAsync(MailMessage mail, Boolean normalize)
   at Volo.Abp.Emailing.EmailSenderBase.SendAsync(String to, String subject, String body, Boolean isBodyHtml)
   at Volo.Abp.Account.Emailing.AccountEmailer.SendPasswordResetLinkAsync(IdentityUser user, String resetToken, String appName, String returnUrl, String returnUrlHash)
   at Volo.Abp.Account.AccountAppService.SendPasswordResetCodeAsync(SendPasswordResetCodeDto input)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync()
   at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync()
   at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync()
   at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync()
   at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Volo.Abp.Account.Public.Web.Pages.Account.ForgotPasswordModel.OnPostAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infras
  • Steps to reproduce the issue:
  • Click on the Login Button
  • Click on Forgotpasswrod, feed in valid email address
  • Get redirected to error page and the above expection is looged

4 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    Smtp password must be encrypted. It seems like you have not encrypted it correctly. see https://docs.abp.io/en/abp/latest/Emailing#encrypt-the-smtp-password

    ps: I removed your sensitive SMTP sensitive data.

  • User Avatar
    0
    learnabp created

    I am encrypting it in my DomainModules using below

            public override void OnApplicationInitialization(ApplicationInitializationContext context)
            {
                var settingManager = context.ServiceProvider.GetService<SettingManager>();
                //encrypts the password on set and decrypts on get
                settingManager.SetGlobalAsync(EmailSettingNames.Smtp.Password, "<my password>");
            }
    

    Do i need to grab this value from DB and enter it in the AppSettings for password property?

  • User Avatar
    0
    alper created
    Support Team Director

    see this post https://support.abp.io/QA/Questions/226/How-to-configure-email-settings

  • User Avatar
    0
    learnabp created

    This error was due to the Email password not being encrypted so i canned it to my DOmain project in ConfigureService and set it as a Gloabal setting

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38