You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0

Article translations Article translations
Article ID: 911722 - View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Expand all | Collapse all

On This Page

SYMPTOMS

After you upgrade from Microsoft ASP.NET 1.1 to Microsoft ASP.NET 2.0, some ASP.NET-based applications may not function correctly. Additionally, when you access ASP.NET Web pages that have ViewState enabled, you may receive the following error message:
[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
System.Security.Cryptography.RijndaelManaged..ctor() +200 System.Web.Configuration.MachineKeySection.ConfigureEncryptionObject() +2088
System.Web.Configuration.MachineKeySection.EnsureConfig() +904
System.Web.Configuration.MachineKeySection.GetEncodedData(Byte[] buf, Byte[] modifier, Int32 start, Int32& length) +88
System.Web.UI.ObjectStateFormatter.Serialize(Object stateGraph) +1320
System.Web.UI.Util.SerializeWithAssert(IStateFormatter formatter, Object stateGraph) +248
System.Web.UI.HiddenFieldPageStatePersister.Save() +280
System.Web.UI.Page.SaveAllState() +6488
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +17240
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50606.0; ASP.NET Version:2.0.50606.0

CAUSE

This problem occurs when the following conditions are true:
  • The
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
    registry subkey is set to 1.
  • ASP.NET 2.0 uses the RijndaelManaged implementation of the AES algorithm when it processes view state data. The ReindaelManaged implementation has not been certified by the National Institute of Standards and Technology (NIST) as compliant with the Federal Information Processing Standard (FIPS). Therefore, the AES algorithm is not part of the Windows Platform FIPS validated cryptographic algorithms.

WORKAROUND

Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.

To work around this problem, change the configuration in the application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data. To do this, follow these steps:
  1. In a text editor such as Notepad, open the application-level Web.config file.
  2. In the Web.config file, locate the <system.web> section.
  3. Add the following <machineKey> section to in the <system.web> section:
    <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
  4. Save the Web.config file.
  5. Restart the Microsoft Internet Information Services (IIS) service. To do this, run the following command at a command prompt:
    iisreset
Important Theoretically, the 3DES algorithm is less secure than the AES (Rijndael) algorithm. We recommend that you use the AES algorithm whenever possible to help secure your system.

MORE INFORMATION

Steps to reproduce the problem

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Before you can reproduce this problem, you must set the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
registry subkey to 1 to enable the FIPS-compliant algorithms policy.

Follow these steps, and then quit Registry Editor:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
  3. On the Edit menu, click Modify.
  4. Type 1, and then press ENTER.
Note You must restart the computer for the new setting to take effect.

To reproduce the problem, follow these steps:
  1. In Visual Studio 2005, click New Web Site on the File menu, click ASP.NET Web Site under Templates, type DriveLetter:\Path\KB911722 in the Location box, and then click OK.
  2. In Solution Explorer, right-click Default.aspx, and then click Open.
  3. Replace the existing code with the following code.
    <%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head>
    	<title>Test Page for KB911722</title>
    </head>
    <body>
    <form id="Form1" runat="server" >
     <script language="C#" runat="server" > 
     public void Page_Load() 
     { 
     	Label1.Text = "EnableViewState attribute is set to " + Page.EnableViewState.ToString(); 
     } 
     </script> 
    
     <asp:Label id="Label1" runat="server" Text="text"></asp:Label>
    </form>
    </body>
    </html>
  4. On the Debug menu, click Start Debugging.
You receive the error message that is mentioned in the "Symptoms" section.

For more information about the effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
811833 The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and later versions

Properties

Article ID: 911722 - Last Review: January 4, 2008 - Revision: 3.2
APPLIES TO
  • Microsoft ASP.NET 2.0
  • Microsoft ASP.NET 1.1
Keywords: 
kbtshoot kbprb KB911722

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com