Reading cookie value : Using URL Rewrite Provider module – Unable to validate at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData

The good thing about this is that the error is a general decryption error and not one with URL Rewrite itself, so that gives you a wider area to search for help. The mechanics of URL Rewrite seem to be right.

Decrypting means that it must be encrypted by the same method as you’re decrypting it. So it has to be the right cookie and the right decryption method.

Since you’re not checking which cookie that you’re reading from, you could get unexpected results if the wrong cookie is first in the list of cookies.

Here are some steps that I recommend to troubleshoot this:

  • Create a simple URL Rewrite rule that will give you the value of your cookie. I created a rule to do that in my example below. You can test it by going to yoursite.com/getcookie. It should redirect to yoursite.com/?Cookie={cookievalue}
  • Then you can test your code outside of the URL Rewrite provider. You can create a simple console app or winforms app to test the rest of the code.
  • I recommend adding a check for the existence of the cookie and then a check again for the 2nd value. For example: if (cookievalues[1] != null).
  • When developing the decryption method, you don’t have to worry about URL Rewrite. As long as it works in a test app in .NET then you should be set.
<rule name="Get cookie value" stopProcessing="true">
    <match url="^getcookie" />
    <action type="Redirect" url="/?Cookie={HTTP_COOKIE}" appendQueryString="false" redirectType="Found" />
</rule>

Leave a Comment

tech