Problem with CryptoAPI in web service

  • Thread starter Arthur Nesterovsky
  • Start date
A

Arthur Nesterovsky

Hello,

Can anybody help me?

I have very strange (from my point of view) problem.
My web service, which was working ages, suddenly
has been broken. For now it all the time throws the
following exception:

[11/3/2003 4:43:30 PM][ERROR]
System.Security.Cryptography.CryptographicException: Bad Data.
at
System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(Int
Ptr hPubKey, Byte[] rgbKey, Boolean fOAEP)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb,
Boolean fOAEP)
at MyWebServiceNameSpace.MyWebService.DecryptString(String Source)
at MyWebServiceNameSpace.MyWebService.Login(String UserName, String
Password)

======================================

Here is code snipped:

namespace MyWebServiceNameSpace
{
/// <summary>
/// Implements web service
/// </summary>
[WebService(Namespace=http://temporg.com/MyWebService)]
public class MyWebService: WebServicesExtension
{
/// <summary>
/// This method returns public key as an XML fragment.
/// </summary>
[WebMethod(EnableSession=true, Description="Retrieves public key")]
public string GetPublicKey()
{
HttpApplicationState
Application=HttpContext.Current.Application;
RSACryptoServiceProvider
RSA=(RSACryptoServiceProvider)Application["RSA"];
if (RSA==null)
{
CspParameters CSP=new CspParameters();
CSP.Flags=CspProviderFlags.UseMachineKeyStore;
RSA=new RSACryptoServiceProvider(CSP);
Application["RSA"]=RSA;
}
return RSA.ToXmlString(false);
}

[WebMethod(EnableSession=true, Description="Login to resource")]
public long Login(string UserName, string Password)
{
try
{
string realPassword = DecryptString(Password); //*
...
}
catch(Exception e)
{
System.Diagnostics.Debbuger.Log(1, "ERROR",
"["+DateTime.Now.ToString()+"][ERROR] "+e.ToString());
throw e;
}
}

/// <summary>Decrypt the specified string</summary>
/// <param name="Source">determines the string to decrypt</param>
/// <returns>source string</returns>
protected string DecryptString(string Source)
{
HttpApplicationState
Application=HttpContext.Current.Application;
RSACryptoServiceProvider
RSA=(RSACryptoServiceProvider)Application["RSA"];
byte[] buffer=RSA.Decrypt(Convert.FromBase64String(Source),
false);
return Encoding.UTF8.GetString(buffer);
}
}
}

A client application first of all gets public key (by calling GetPublicKey
method),
then it uses the received key to encrypt password. Then, it calls the Login
method
of the web services. As a parameter it sends encrypted password. At the
point marked as //* my web service throws the specified exception.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,995
Messages
2,570,225
Members
46,815
Latest member
treekmostly22

Latest Threads

Top