You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0 (911722)


The information in this article applies to:

  • Microsoft ASP.NET 2.0
  • Microsoft ASP.NET (included with the .NET Framework 1.1)
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

After you upgrade from Microsoft ASP.NET 1.1 to Microsoft ASP.NET 2.0, some ASP.NET-based applications may not function correctly. Additionally, when you access ASP.NET Web pages that have ViewState enabled, you may receive the following error message:
[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
System.Security.Cryptography.RijndaelManaged..ctor() +200 System.Web.Configuration.MachineKeySection.ConfigureEncryptionObject() +2088
System.Web.Configuration.MachineKeySection.EnsureConfig() +904
System.Web.Configuration.MachineKeySection.GetEncodedData(Byte[] buf, Byte[] modifier, Int32 start, Int32& length) +88
System.Web.UI.ObjectStateFormatter.Serialize(Object stateGraph) +1320
System.Web.UI.Util.SerializeWithAssert(IStateFormatter formatter, Object stateGraph) +248
System.Web.UI.HiddenFieldPageStatePersister.Save() +280
System.Web.UI.Page.SaveAllState() +6488
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +17240
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50606.0; ASP.NET Version:2.0.50606.0

CAUSE

This problem occurs when the following conditions are true:
  • The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy registry subkey is set to 1.
  • ASP.NET 2.0 uses the AES algorithm when it processes view state data. The AES algorithm is not currently a Federal Information Processing Standard (FIPS)-compliant algorithm.

WORKAROUND

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

To work around this problem, change the configuration in the application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data. To do this, follow these steps:
  1. In a text editor such as Notepad, open the application-level Web.config file.
  2. In the Web.config file, locate the <system.web> section.
  3. Add the following <machineKey> section to in the <system.web> section: 
    <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="TripleDES" decryption="3DES"/>
  4. Save the Web.config file.
  5. Restart the Microsoft Internet Information Services (IIS) service. To do this, run the following command at a command prompt:

    iisreset

Important Theoretically, the 3DES algorithm is less secure than the AES (Rijndael) algorithm. We recommend that you use the AES algorithm whenever possible to help secure your system.

MORE INFORMATION

Steps to reproduce the problem

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Before you can reproduce this problem, you must set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy registry subkey to 1 to enable the FIPS-compliant algorithms policy.

Follow these steps, and then quit Registry Editor:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy

  3. On the Edit menu, click Modify.
  4. Type 1, and then press ENTER.
Note You must restart the computer for the new setting to take effect.

To reproduce the problem, follow these steps:
  1. In Visual Studio 2005, click New Web Site on the File menu, click ASP.NET Web Site under Templates, type DriveLetter:\Path\KB911722 in the Location box, and then click OK.
  2. In Solution Explorer, right-click Default.aspx, and then click Open.
  3. Replace the existing code with the following code.
    <%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
	<title>Test Page for KB911722</title>
</head>
<body>
<form id="Form1" runat="server" >
 <script language="C#" runat="server" > 
 public void Page_Load() 
 { 
 	Label1.Text = "EnableViewState attribute is set to " + Page.EnableViewState.ToString(); 
 } 
 </script> 

 <asp:Label id="Label1" runat="server" Text="text"></asp:Label>
</form>
</body>
</html>
  4. On the Debug menu, click Start Debugging.
You receive the error message that is mentioned in the "Symptoms" section.

For more information about the effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:

811833 The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and later versions

Modification Type:MajorLast Reviewed:3/15/2006
Keywords:kbtshoot kbprb KB911722 kbAudDeveloper kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.