A
Arthur Nesterovsky
Hello,
Can anybody help me?
I have very strange (from my point of view) problem.
My web service, which was working ages, suddenly
has been broken. For now it all the time throws the
following exception:
[11/3/2003 4:43:30 PM][ERROR]
System.Security.Cryptography.CryptographicException: Bad Data.
at
System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(Int
Ptr hPubKey, Byte[] rgbKey, Boolean fOAEP)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb,
Boolean fOAEP)
at MyWebServiceNameSpace.MyWebService.DecryptString(String Source)
at MyWebServiceNameSpace.MyWebService.Login(String UserName, String
Password)
======================================
Here is code snipped:
namespace MyWebServiceNameSpace
{
/// <summary>
/// Implements web service
/// </summary>
[WebService(Namespace=http://temporg.com/MyWebService)]
public class MyWebService: WebServicesExtension
{
/// <summary>
/// This method returns public key as an XML fragment.
/// </summary>
[WebMethod(EnableSession=true, Description="Retrieves public key")]
public string GetPublicKey()
{
HttpApplicationState
Application=HttpContext.Current.Application;
RSACryptoServiceProvider
RSA=(RSACryptoServiceProvider)Application["RSA"];
if (RSA==null)
{
CspParameters CSP=new CspParameters();
CSP.Flags=CspProviderFlags.UseMachineKeyStore;
RSA=new RSACryptoServiceProvider(CSP);
Application["RSA"]=RSA;
}
return RSA.ToXmlString(false);
}
[WebMethod(EnableSession=true, Description="Login to resource")]
public long Login(string UserName, string Password)
{
try
{
string realPassword = DecryptString(Password); //*
...
}
catch(Exception e)
{
System.Diagnostics.Debbuger.Log(1, "ERROR",
"["+DateTime.Now.ToString()+"][ERROR] "+e.ToString());
throw e;
}
}
/// <summary>Decrypt the specified string</summary>
/// <param name="Source">determines the string to decrypt</param>
/// <returns>source string</returns>
protected string DecryptString(string Source)
{
HttpApplicationState
Application=HttpContext.Current.Application;
RSACryptoServiceProvider
RSA=(RSACryptoServiceProvider)Application["RSA"];
byte[] buffer=RSA.Decrypt(Convert.FromBase64String(Source),
false);
return Encoding.UTF8.GetString(buffer);
}
}
}
A client application first of all gets public key (by calling GetPublicKey
method),
then it uses the received key to encrypt password. Then, it calls the Login
method
of the web services. As a parameter it sends encrypted password. At the
point marked as //* my web service throws the specified exception.
Can anybody help me?
I have very strange (from my point of view) problem.
My web service, which was working ages, suddenly
has been broken. For now it all the time throws the
following exception:
[11/3/2003 4:43:30 PM][ERROR]
System.Security.Cryptography.CryptographicException: Bad Data.
at
System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(Int
Ptr hPubKey, Byte[] rgbKey, Boolean fOAEP)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb,
Boolean fOAEP)
at MyWebServiceNameSpace.MyWebService.DecryptString(String Source)
at MyWebServiceNameSpace.MyWebService.Login(String UserName, String
Password)
======================================
Here is code snipped:
namespace MyWebServiceNameSpace
{
/// <summary>
/// Implements web service
/// </summary>
[WebService(Namespace=http://temporg.com/MyWebService)]
public class MyWebService: WebServicesExtension
{
/// <summary>
/// This method returns public key as an XML fragment.
/// </summary>
[WebMethod(EnableSession=true, Description="Retrieves public key")]
public string GetPublicKey()
{
HttpApplicationState
Application=HttpContext.Current.Application;
RSACryptoServiceProvider
RSA=(RSACryptoServiceProvider)Application["RSA"];
if (RSA==null)
{
CspParameters CSP=new CspParameters();
CSP.Flags=CspProviderFlags.UseMachineKeyStore;
RSA=new RSACryptoServiceProvider(CSP);
Application["RSA"]=RSA;
}
return RSA.ToXmlString(false);
}
[WebMethod(EnableSession=true, Description="Login to resource")]
public long Login(string UserName, string Password)
{
try
{
string realPassword = DecryptString(Password); //*
...
}
catch(Exception e)
{
System.Diagnostics.Debbuger.Log(1, "ERROR",
"["+DateTime.Now.ToString()+"][ERROR] "+e.ToString());
throw e;
}
}
/// <summary>Decrypt the specified string</summary>
/// <param name="Source">determines the string to decrypt</param>
/// <returns>source string</returns>
protected string DecryptString(string Source)
{
HttpApplicationState
Application=HttpContext.Current.Application;
RSACryptoServiceProvider
RSA=(RSACryptoServiceProvider)Application["RSA"];
byte[] buffer=RSA.Decrypt(Convert.FromBase64String(Source),
false);
return Encoding.UTF8.GetString(buffer);
}
}
}
A client application first of all gets public key (by calling GetPublicKey
method),
then it uses the received key to encrypt password. Then, it calls the Login
method
of the web services. As a parameter it sends encrypted password. At the
point marked as //* my web service throws the specified exception.