You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When upgrading between different versions of Azure.Extensions.AspNetCore.DataProtection.Keys, we're seeing the following error:
Could not load file or assembly 'Azure.Extensions.AspNetCore.DataProtection.Keys, Version=1.2.2.0, Culture=neutral, PublicKeyToken=92742159e12e44c8' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
I first thought this was an issue with Azure.Extensions.AspNetCore.DataProtection.Keys itself (see Azure/azure-sdk-for-net#42223), but ended up tracking down the bug to this PR.
Expected Behavior
Being able to upgrade to newer versions of Azure.Extensions.AspNetCore.DataProtection.Keys, without having to manually patch key entries in our database.
Set up DataProtection with ProtectKeysWithAzureKeyVault
Protect something so key is stored
Update to Azure.Extensions.AspNetCore.DataProtection.Keys v1.2.3
Attempt to unprotect the same thing that was just protected with the previous version
Exceptions (if any)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName)
at System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark)
at System.Type.GetType(String typeName, Boolean throwOnError)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.CreateDecryptor(IActivator activator, String decryptorTypeName)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.<GetLazyDescriptorDelegate>g__GetLazyDescriptorDelegate|0()
at System.Lazy`1.CreateValue()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Lazy`1.get_Value()
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.KeyHolder.GetEncryptorInstance(Boolean& isRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.GetAuthenticatedEncryptorByKeyId(Guid keyId, Boolean& isRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
.NET Version
.NET Framework 4.8.4645.0
Anything else?
The code in XmlEncryptionExtensions used to call IActivator.CreateInstance directly. Since the KeyVault extensions register their own IActivator, which handles their own forwarding, it worked across versions, but after the change in #41650, it tries to call Type.GetType first, which results in the mentioned System.IO.FileLoadException.
I think the fix here is probably just to catch the exception from Type.GetType and fall back to calling activator.CreateInstance<IXmlDecryptor>(decryptorTypeName). I can send a PR if that sounds reasonable.
Is there an existing issue for this?
Describe the bug
When upgrading between different versions of Azure.Extensions.AspNetCore.DataProtection.Keys, we're seeing the following error:
I first thought this was an issue with Azure.Extensions.AspNetCore.DataProtection.Keys itself (see Azure/azure-sdk-for-net#42223), but ended up tracking down the bug to this PR.
Expected Behavior
Being able to upgrade to newer versions of Azure.Extensions.AspNetCore.DataProtection.Keys, without having to manually patch key entries in our database.
Steps To Reproduce
Azure.Extensions.AspNetCore.DataProtection.Keys
v1.2.2ProtectKeysWithAzureKeyVault
Azure.Extensions.AspNetCore.DataProtection.Keys
v1.2.3Exceptions (if any)
.NET Version
.NET Framework 4.8.4645.0
Anything else?
The code in
XmlEncryptionExtensions
used to callIActivator.CreateInstance
directly. Since the KeyVault extensions register their ownIActivator
, which handles their own forwarding, it worked across versions, but after the change in #41650, it tries to callType.GetType
first, which results in the mentionedSystem.IO.FileLoadException
.I think the fix here is probably just to catch the exception from
Type.GetType
and fall back to callingactivator.CreateInstance<IXmlDecryptor>(decryptorTypeName)
. I can send a PR if that sounds reasonable.// @JamesNK @amcasey
The text was updated successfully, but these errors were encountered: