9

I am getting this error now whenever I try to build. I just installed Visual Studio 2012 and .Net 4.5, but this project is still on 2010.

Here is the line of code I am having issues with:

private static MethodInfo _encode;
public static string Encode(CookieProtection cookieProtection, byte[] buf, int count)
{
  return (string)_encode.Invoke(null, new object[] { cookieProtection, buf, count });
}

I receive an ArgumentException was unhandled by user code error saying, "Object of type 'System.Int32' cannot be converted to type 'System.Web.Security.Cryptography.Purpose'" Nothing has changed in my dev environment and my co-workers are not having the same problem, but they also do not have VS2012.

I found an article about Sitecore having this error, but this is the only place I have seen it pop up.

There they say, "This is because in .NET 4.5 there are some new namespaces in System.Web "

Their solution is to:

  • Uninstall VS11 if you have it installed
  • Uninstall .NET 4.5
  • Reinstall .NET 4

This seem like a ridiculous solution that 4.5 and 4 cant be on the same machine.

Does anyone know what may be causing this and any better solutions before I try to un-install and re-install a bunch of stuff?

A comment also says to try: </setting name="login.rememberlastloggedinusername" value="false" > but I don't want to do that either.

kamranicus
  • 4,207
  • 2
  • 39
  • 57
JCisar
  • 2,584
  • 2
  • 29
  • 28
  • Hard to really know what's going on with what you've provided. i.e. there's nothing you've posted that actually uses the type Purpose. What method are you trying to invoke? – Peter Ritchie Aug 06 '12 at 15:56
  • Sorry, I have added where I am making the call to this. Is that enough information? – JCisar Aug 06 '12 at 16:12
  • I don't see how your edit relates to the code you originally posted and said had "issues". What `HttpSecureCookie` class are you using? – Peter Ritchie Aug 06 '12 at 16:15
  • I never use the type Purpose, that is why I am confused. The method being invoked is MethodInfo.Invoke() http://msdn.microsoft.com/en-us/library/system.reflection.methodinfo.invoke.aspx This code hasn't even been touched in over a year in my TFS and all the sudden it stopped working. The Edit is a bad example so I will remove it. It was hitting my original code in the HttpSecureCooke Class and thought it may have been useful. – JCisar Aug 06 '12 at 16:27
  • Your code snippet is missing a key detail. What is this variable set to? `private static MethodInfo _encode;` ... Oh wait, scratch that... your saying you have a *build* error, not a *runtime* error? – CodingWithSpike Aug 06 '12 at 16:30
  • The error fires before any page appears, but the code compiles fine. – JCisar Aug 06 '12 at 16:56
  • So I resorted to un-installing .Net 4.5 and re-installing .Net4.0 and all things work again... I just wish I knew why this would cause issues – JCisar Aug 06 '12 at 17:02

4 Answers4

9

As @hvd alluded to, this code is using reflection to call internal methods which Microsoft changed in .NET 4.5.

Fortunately .NET 4.0 introduced the System.Web.Security.MachineKey class with public Encode() and Decode() methods which accomplish basically the same thing as the internal methods in the CookieProtectionHelper. Note that cookies that were encrypted with CookieProtectionHelper.Encode() will not be able to be decrypted with MachineKey.Decode().

Also note that in .NET 4.5, these methods are deprecated in favor of Protect() and Unprotect().

John Rutherford
  • 10,704
  • 7
  • 30
  • 32
  • 1
    Thank you for this post! You gave me a great solution to what I could use instead of what I have. I will try these out! – JCisar Aug 21 '12 at 20:27
  • 1
    Replacing CookieProtectionHelper with the MachineKey.Encode() and Decode() worked for me. I'm using 4.0 but recently installed 4.5 which caused this to happen. – Induster Dec 02 '13 at 18:59
7

Change value to false in web.config:

<setting name=”Login.RememberLastLoggedInUserName” value=”false” />

(from: http://truncatedcodr.wordpress.com/2012/06/20/fix-sitecore-and-net-framework-4-5/)

Blazemonger
  • 90,923
  • 26
  • 142
  • 180
jflaga
  • 4,610
  • 2
  • 24
  • 20
3

Did you get that from here?

_encode = cookieProtectionHelper.GetMethod(
    "Encode", BindingFlags.NonPublic | BindingFlags.Static);

This relies on internal implementation details of the .NET Framework that MS never promised would remain unchanged. So yes, an in-place upgrade of the .NET Framework could very well make such code stop working. That's not a bug in .NET 4.5. That's a bug in your -- that -- code for relying on things you cannot rely upon.

And to solve it, stop using that method. If there is a public API that does what you want, use that. If there isn't, implement it yourself.

  • I dont know where the code came from... It was here before I even started working for this company. – JCisar Aug 06 '12 at 16:54
  • Either way, if that's what your `_encode` is set to, you really need to ditch it. Your code won't fail with the officially released .NET versions yet, but will soon. –  Aug 06 '12 at 17:03
  • Where does it say that newer versions will depreciate this? – JCisar Aug 07 '12 at 16:44
  • @JCisar The fact that it's already failing with the release candidate, prompting your question? It's just a matter of time until that's officially released. –  Aug 07 '12 at 18:41
  • Do you know of any alternate Methods that it would be replaced with or that I can use instead? – JCisar Aug 09 '12 at 15:50
  • @JCisar I haven't had a need for encrypted cookies, so I haven't ever looked for something like that. The article I linked to has some other links that might be useful though. –  Aug 09 '12 at 16:12
  • 1
    @JCisar - Use the static APIs on the System.Web.Security.MachineKey class. These are the supported ways of performing cryptography in ASP.NET. Internal APIs (like CookieProtectionHelper, which you were accessing via reflection) are undocumented and unsupported and can be removed at any time, which is what happened here. – Levi Aug 13 '12 at 01:59
1

If you see this error whilst using the CMS software Ektron, the following is in their 8.7 release notes-

71233—If you installed an 8.6.1 site and enabled cookie encryption in web.config (), then installed Microsoft .NET Framework 4.5, you saw this error:

 Server Error in '/' Application. 
 Object of type 'System.Int32' cannot be converted to type System.Web.Security.Cryptography.Purpose'. This

is fixed.

As mentioned in the other answers, one solution is to rollback to .Net framework 4.0. The other answers in this particular case with Ektron are to disable cookie encryption, or upgrade to 8.7.

Spongeboy
  • 2,232
  • 3
  • 28
  • 37