After you upgrade from Microsoft ASP.NET 1.1 to Microsoft ASP.NET 2.0, some ASP.NET-based applications may not function correctly. Additionally, when you access ASP.NET Web pages that have ViewState enabled, you may receive the following error message:
[InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.]
Byte modifier, Int32 start, Int32& length) +88
System.Web.UI.ObjectStateFormatter.Serialize(Object stateGraph) +1320
System.Web.UI.Util.SerializeWithAssert(IStateFormatter formatter, Object
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +17240
Version Information: Microsoft .NET Framework Version:2.0.50606.0; ASP.NET
This problem occurs when the following conditions are
registry subkey is set to 1.
- ASP.NET 2.0 uses the RijndaelManaged implementation of the AES algorithm when it processes view state data. The ReindaelManaged implementation has not been certified by the National Institute of Standards and Technology (NIST) as compliant with the Federal Information Processing Standard (FIPS). Therefore, the AES algorithm is not part of the Windows Platform FIPS validated cryptographic algorithms.
These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.
To work around this problem, change the configuration in the
application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data. To do this, follow these steps:
- In a text
editor such as Notepad, open the application-level Web.config file.
- In the Web.config file, locate the <system.web> section.
- Add the following <machineKey> section to in the <system.web> section:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
- Save the Web.config file.
the Microsoft Internet Information Services (IIS) service. To do this, run the following command at a command prompt:
Theoretically, the 3DES algorithm is less secure than the AES (Rijndael) algorithm.
We recommend that you use the AES algorithm whenever possible to help secure your system.
Steps to reproduce the problemWarning
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Before you can reproduce this problem, you must set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
registry subkey to 1 to enable the FIPS-compliant algorithms policy.
Follow these steps, and then quit Registry Editor:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following key in the registry:
- On the Edit menu, click Modify.
- Type 1, and then press ENTER.
You must restart the computer for the new setting to take
To reproduce the problem, follow these steps:
- In Visual Studio 2005, click
New Web Site on the File menu, click ASP.NET Web Site under
DriveLetter:\Path\KB911722 in the
Location box, and then click OK.
- In Solution Explorer, right-click
Default.aspx, and then click Open.
- Replace the existing code with the following code.
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<title>Test Page for KB911722</title>
<form id="Form1" runat="server" >
<script language="C#" runat="server" >
public void Page_Load()
Label1.Text = "EnableViewState attribute is set to " + Page.EnableViewState.ToString();
<asp:Label id="Label1" runat="server" Text="text"></asp:Label>
- On the Debug menu, click Start
You receive the error message that is mentioned in the
For more information about the effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and
signing" security setting in Windows XP and in later versions of Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and later versions