Just something for you .NET developers real quick. I had this problem where we were getting repeated occurances of a CryptographicException with the Exception.Message value of "padding is invalid and cannot be removed".

We were doing some request redirection to send users to an HTTPS version of their requested URL if they were requesting a secured page (online shopping checkout process) which was apparently also redirecting .NET framework requests for "WebResource.axd" and "ScriptResource.axd".

After about three hours of finding nothing but "Hey! I'm having this problem, too! kthx" on the intarwebs, I had to resort to hardcore investigation. Having realized what the hell we were doing in this code, it suddenly hit me (right in the face). Maybe not so much "hit me" as "What the hump?! System.Web.HttpApplication.BeginRequest events can be trigged by requests to .axd files?!"

Solution: If you are getting mysterious CryptographicExceptions and you're globally redirecting requests, try excluding requests to .axd files from that process.

I hope that's clear enough 'cuz that's about all the time I can spare on elaboration right now.

Good day.

-Some Rando