search

microsoft / Reporting-Services

Git repo for SQL Server Reporting Services and Power BI paginated report samples, and community projects
MIT License
426 stars 362 forks source link

Forms authentication machineKey unable to validate data error in custom security extension #252

Closed TestO2015 closed 1 year ago

TestO2015 commented 1 year ago

I have followed the guides here to setup a custom security extension. So far the login and ReportServer are working however the Report portal https://localhost/reports has a 500 error. From the logs:

Exception: System.Web.HttpException (0x80004005): Unable to validate data. at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType, Boolean signData) at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket) at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.CreateRequestContextFromCookie(IOwinContext context) at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.CreatePortalIdentity(IOwinContext context) at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.Invoke(IOwinContext context) at Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware``1.<Invoke>d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.BIServer.Owin.Common.Middleware.RequestLoggingMiddleWare.<Invoke>d__2.MoveNext() | RequestID = s_562e4f17-7d98-45e0-b744-02509f01e0d8

Apparently it's having trouble with the machineKey used for encryption.

I have included the machineKey in:

<machineKey validationKey="33A11FDECC5CB917123E44C5BDAF1859942D5FD0D80E1CA3FF2F32576F391556" decryptionKey="1581FF2A206D1A3C283442C84EF2EBD333AE0B27BC85C502E1A771058539C4B1" validation="AES" decryption="AES" />

https://github.com/Microsoft/Reporting-Services/issues/121 Note: I don't mean to duplicate issue 121 which looks the same, it's just that none of the solutions posted there have worked for me.

I've tried many solutions aimed at addressing the machineKey error. Now I found the code for MachineKeySection.cs from Microsoft and it seems the "Unable_To_Validate_Data" error could be masking something else gone wrong.

// It's important that we don't propagate the original exception here as we don't want a production
// server which has unintentionally left YSODs enabled to leak cryptographic information.
            throw new HttpException(SR.GetString(SR.Unable_to_validate_data));

Any suggestions as to what I could be missing?

TestO2015 commented 1 year ago

I found the issue. The Forms Authentication ticket had never been encrypted when it was created on the ReportServer app and so failed while trying to decrypt it on the ReportPortal app.

To fix this I enabled <forms ... protection="All"> on the ReportServer web.config file.