Error Occured During a Cryptographic Operation When Trying To Run Site Locally

JuliusGoddard · March 28, 2025, 3:39pm

Hi All,

I have cloned an existing repo and have tried to run it locally using dotnet run, however, in the logs I encounter the following errors:

{"@t":"2025-03-28T12:29:42.6901787Z","@mt":"An exception occurred while trying to decrypt the element.","@l":"Error","@x":"System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.\r\n   at Microsoft.AspNetCore.DataProtection.Cng.DpapiSecretSerializerHelper.UnprotectWithDpapiCore(Byte* pbProtectedData, UInt32 cbProtectedData, Byte* pbOptionalEntropy, UInt32 cbOptionalEntropy)\r\n   at Microsoft.AspNetCore.DataProtection.Cng.DpapiSecretSerializerHelper.UnprotectWithDpapi(Byte[] protectedSecret)\r\n   at Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor.Decrypt(XElement encryptedElement)\r\n   at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)\r\n   at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)","EventId":{"Id":43,"Name":"ExceptionOccurredTryingToDecryptElement"},"SourceContext":"Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor","ProcessId":27480,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"f104b8c8f7312001256512234b47cf26fa06263a","MachineName":"XXXXXXXXXX","Log4NetLevel":"ERROR"}

Has anyone come across these types of errors before when trying to run an existing repo locally and is there a way around them?

Thanks,

Julius

sebastiaan · March 28, 2025, 3:50pm

Did you search for the error relating to Umbraco? It’s always good to mention what youve already tried. Google pointed me here, might help:

Seems like the machinekey could be the problem.

JuliusGoddard · March 31, 2025, 8:00am

I have researched other instances and tried to set a machine key with the following configuration:

using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System.IO;

namespace Architecture.Web
{
    public class Program
    {
        public static void Main(string[] args)
            => CreateHostBuilder(args)
                .Build()
                .Run();

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureUmbracoDefaults()
                .ConfigureServices((hostContext, services) =>
                {
                    services.AddDataProtection()
                        .PersistKeysToFileSystem(new DirectoryInfo(@"C:\Users\xxxxxxxxx\Documents\Keys")) // Change this to a secure location
                        .SetApplicationName("MyUmbracoSite"); // Ensures keys are shared across instances
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStaticWebAssets();
                    webBuilder.UseStartup<Startup>();
                });
    }
}

This didn’t work though.

sebastiaan · March 31, 2025, 8:05am

Not sure if this can work, make sure to use a web.config for the machine key.

This error usually appears when multiple frontend machines are connecting to the same database, in essence creating a load balanced environment. But I have not enough context from your posts to tell you much more.

JuliusGoddard · March 31, 2025, 9:06am

The project is a clone of an existing site using Umbraco 13.2.2 which is live and is using an existing database, the connection string looks like this:

"umbracoDbDSN": "server=.\\sqlexpress;database=xxxxxxxxxxxxxxxx;user id=remote;password='xxxxxxxxxx';TrustServerCertificate=true",

I then cloned the repo to my local machine and changed it so it runs on a local database with the connection string like this:

"umbracoDbDSN": "server=.\\SQLEXPRESS;database=UmbracoLocalDB;trusted_connection=true;TrustServerCertificate=True",

My local project connects to the database successfully and the app starts when using dotnet run, saying “now listening on https://localhost:44341” however when trying to navigate to localhost in the browser, it says “site can’t be reached” - returning the cryptographic errors in the log files.

I don’t have a web.config file (Umbraco 13 sites don’t have them, right?)

Is there any further context I could provide that would help diagnose the problems more accurately?

sebastiaan · March 31, 2025, 10:39am

Hmmm, tough one! I just noticed the error says: Microsoft.AspNetCore.DataProtection.Cng.DpapiSecretSerializerHelper.UnprotectWithDpapiCore and this is not something that Umbraco ships with, it looks like it’s using Microsoft Data Protection APIs.

I realize you might have inherited this site, so my best bet would be to find someone who actually has it running to help you out with this.

The only thing I could find relating to Umbraco and DPAPI is this blog post:

That might give you some hints?

Not by default but one can always be added.

However, I believe it would only affect site runninng in IIS, so your code approach might be better.

JuliusGoddard · March 31, 2025, 1:21pm

I managed to get rid of the errors by forcing the app to use Machine Keys rather than DPAPI and storing the “keys” folder in the root of the project:

Program.cs for reference:

   public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureUmbracoDefaults()
                .ConfigureServices((hostContext, services) =>
                {
                    var keysFolder = Path.Combine(Directory.GetCurrentDirectory(), "keys");
                    Directory.CreateDirectory(keysFolder); // Ensure folder exists

                    Console.WriteLine($"[DataProtection] Keys will be stored in: {keysFolder}");

                    services.AddDataProtection()
                        .SetApplicationName("MyUmbracoSite")
                        .PersistKeysToFileSystem(new DirectoryInfo(keysFolder))
                        .UseCryptographicAlgorithms(new Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration
                        {
                            EncryptionAlgorithm = Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_256_CBC,
                            ValidationAlgorithm = Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm.HMACSHA256
                        });

                    Console.WriteLine("[DataProtection] Data Protection is now configured.");
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStaticWebAssets();
                    webBuilder.UseStartup<Startup>();
                });
    }

However, when trying to restart the application, despite saying that it is listening on localhost - the browser says that the connection got unexpectedly closed, the logs say the following:

"@t":"2025-03-31T13:09:00.5478135Z","@mt":"Acquiring MainDom.","SourceContext":"Umbraco.Cms.Core.Runtime.MainDom","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:00.5556720Z","@mt":"Acquired MainDom.","SourceContext":"Umbraco.Cms.Core.Runtime.MainDom","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0808877Z","@mt":"Starting recurring background jobs hosted services","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0850552Z","@mt":"Starting background hosted service for {job}","job":"HealthCheckNotifierJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0883876Z","@mt":"Starting background hosted service for {job}","job":"KeepAliveJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0885857Z","@mt":"Starting background hosted service for {job}","job":"LogScrubberJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0887302Z","@mt":"Starting background hosted service for {job}","job":"ContentVersionCleanupJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0888645Z","@mt":"Starting background hosted service for {job}","job":"ScheduledPublishingJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0889793Z","@mt":"Starting background hosted service for {job}","job":"TempFileCleanupJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0891458Z","@mt":"Starting background hosted service for {job}","job":"InstructionProcessJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0893771Z","@mt":"Starting background hosted service for {job}","job":"TouchServerJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0896070Z","@mt":"Starting background hosted service for {job}","job":"WebhookFiring","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0897739Z","@mt":"Starting background hosted service for {job}","job":"WebhookLoggingCleanup","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0899251Z","@mt":"Starting background hosted service for {job}","job":"ReportSiteJob","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.0899879Z","@mt":"Completed starting recurring background jobs hosted services","SourceContext":"Umbraco.Cms.Infrastructure.BackgroundJobs.RecurringBackgroundJobHostedServiceRunner","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.5763538Z","@mt":"Now listening on: {address}","address":"https://localhost:44341","EventId":{"Id":14,"Name":"ListeningOnAddress"},"SourceContext":"Microsoft.Hosting.Lifetime","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.5765351Z","@mt":"Now listening on: {address}","address":"http://localhost:7045","EventId":{"Id":14,"Name":"ListeningOnAddress"},"SourceContext":"Microsoft.Hosting.Lifetime","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}
{"@t":"2025-03-31T13:09:01.5823259Z","@mt":"Umbraco is in {mode} mode, so uSync will not run this time.","mode":"Install","SourceContext":"uSync.BackOffice.Notifications.uSyncApplicationStartingHandler","ProcessId":16100,"ProcessName":"Architecture.Web","ThreadId":1,"ApplicationId":"c29c303433684f26095e3df7b2ef61017442fe04","MachineName":"xxxxxxxxx","Log4NetLevel":"INFO "}

Judging by the logs it looks like it is running fine, do you have any idea why you can’t access it via a browser?