Re: ASPNET_SETREG and Framework 1.1
From: PhilJSmith67 (dotnetjunkies_at_-NOSPAM-psmith.us)
Date: 08/25/04
- Next message: naijacoder naijacoder: "ASP.NET with ADirectory role based authentication"
- Previous message: pmkatz: "CryptographicException: Bad Data - when storing public key only in key store on encrypting machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Aug 2004 14:58:29 -0700
My colleage and I determined that generic error message that is given as a response to *anything* being slightly out of place, when using the registry/encryption option, is that there was an "error reading the password from the registry."
After chewing on this for too long, we went back to Step #1 and used ASPNET_SETREG to create the registry keys again. After experimenting, it became obvious that the encryption key used for these values is partially determined by the registry key path+name, and perhaps a creation timestamp for the key, as well.
FYI, on Windows Server 2003 / IIS 6.0, make sure that you're not using IIS 5.0 Isolation for your application pools, that the pool you're running your application under is using Network Service as a user (usually DefaultAppPool), and that Network Service user has read-access to the registry keys created by ASPNET_SETREG.
I would suggest using the instructions in the section "ASP.NET Worker Process Identity" toward the middle of http://msdn.microsoft.com/library/en-us/secmod/html/secmod15.asp?frame=true for your web.config file entries and for ASPNET_SETREG.
Philip J. Smith
--- Posted using Wimdows.net NntpNews Component - Post Made from http://www.DotNetJunkies.com/newsgroups Our newsgroup engine supports Post Alerts, Ratings, and Searching.
