IIS may log CryptographicException (The data is invalid) error if a cookie is empty and corrupt. If the issue is intermittent, an immediate solution may not be needed. However, a root cause analysis can provide valuable information and prevent the issue occurring again in the future.
Here is the error message in Event Viewer:
Event code: 3005 Exception type: CryptographicException Exception message: The data is invalid.
It’s a good idea to check application specific logs as well. In my case, the application logs showed record below.
2019-01-26 08:56:28 AM ERROR: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API. If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.
Root Cause Analysis
Considering the environment and issue story, the issue occurred possibly because of an empty or corrupt cookie. Since IIS doesn’t log the cookie information by default, It is not possible to tell which cookie it was.
Why a cookie becomes empty or corrupt? Possible reasons:
Closing the browser before the request is prepared
Having “Load User Profile” parameter set to “False” may cause CryptographicException (The data is invalid) error.
Additionally, I would recommend checking Unprotect function which mentioned in the stack trace. This function takes 3 parameters. One of them is causing this error because of an invalid input. The parameter with the issue is most likely the first one (encryptedData). Somehow, the input that was provided to this function was not in the correct format when the issue occured. You may want to debug your source code to find out possible causes.