Re: DPAPI Enterprise Services Example

From: Bill Heckle (billheckle.spam_at_hotmail.com)
Date: 08/27/04 

Date: Thu, 26 Aug 2004 23:23:02 -0700

Paul,

Thank you very much for responding. I tried changing the account that Com+
used to activate the component. I switched it to my development account. I
got a new error saying that the registry
key,HKEY_CLASSES_ROOT\DPAPIComp.DataProtectorComp, could not be accessed. I
looked at the permissions for the key and believe every account that matters
has access. Obviously, I am wrong. Any thoughts would be helpful. Currently
the following account and roles have access.
       Administrators,Application Test Center,aspnet_wp account(ASPNET),my
development account,OWNER,DPAPIAccount(my original com+ activation account),
local service,service,network,power users,system and users

Thanks.

"Paul Glavich [MVP - ASP.NET]" wrote:

> Sorry, correction to my last post, the path to the directory is :-
> \Documents and Settings\All Users\Application Data\Microsoft\Crypto
>
> or even just
>
> \Documents and Settings\All Users\Application
> Data\Microsoft\Crypto\RSA\MachineKeys
>
> I think may do the trick.
>
> --
> - Paul Glavich
> Microsoft MVP - ASP.NET
>
>
> "Paul Glavich [MVP - ASP.NET]" <glav@aspalliance.com-NOSPAM> wrote in
> message news:echdn5ciEHA.3428@TK2MSFTNGP11.phx.gbl...
> > Looks like you are using a ServicedComponent in COM+? That may complicate
> > things a little but you may need to give read/write access to whichever
> user
> > you are running under (might be ASPNET, NETWORK SERVICE, or the defined
> > identity in COM+) to your "\Document And
> > Settings\{user}\ApplicationData\Crypto" directory.
> >
> > --
> > - Paul Glavich
> > Microsoft MVP - ASP.NET
> >
> >
> > "Bill Heckle" <billheckle.spam@hotmail.com> wrote in message
> > news:D0CD2FDF-F29C-46E4-955A-5665AFE9603A@microsoft.com...
> > > I am trying to work through the sample from msdn, "How To Use DPAPI
> (User
> > > Store) from ASP.NET with Enterprise Services". I thought I had
> everything
> > > configured correctly. I tried to test the service and get the following
> > > error.(Sorry for encluding every line). I am confused as to what setting
> > is
> > > incorrectly set. Additionally, the paragraph on giving asp.net access
> > doesn't
> > > help me at all. Thanks for help, as I don't want to keep thrashing
> about.
> > Any
> > > advice on where to read more about security in general is appreciated.
> > >
> > > Exception Details: System.UnauthorizedAccessException: Access is denied.
> > > ASP.NET is not authorized to access the requested resource. Consider
> > > granting access rights to the resource to the ASP.NET request identity.
> > > ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
> > or
> > > Network Service on IIS 6) that is used if the application is not
> > > impersonating. If the application is impersonating via <identity
> > > impersonate="true"/>, the identity will be the anonymous user (typically
> > > IUSR_MACHINENAME) or the authenticated request user.
> > >
> > > To grant ASP.NET write access to a file, right-click the file in
> Explorer,
> > > choose "Properties" and select the Security tab. Click "Add" to add the
> > > appropriate user or group. Highlight the ASP.NET account, and check the
> > boxes
> > > for the desired access.
> > >
> > > Source Error:
> > > Line 59: private void btnEncrypt_Click(object sender, System.EventArgs
> e)
> > > Line 60: {
> > > Line 61: DataProtectorComp dp = new DataProtectorComp();
> > > Line 62: try
> > > Line 63: {
> > >
> > > Source File: c:\documents and
> > > settings\bill\vswebcache\billfun\dpapiweb\webform1.aspx.cs Line: 61
> > >
> > > Stack Trace:
> > >
> > > [UnauthorizedAccessException: Access is denied.]
> > > System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
> > > errorCode, IntPtr errorInfo) +0
> > > System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType,
> > > Boolean bQuerySCInfo, Boolean& bIsAnotherProcess, String& uri) +581
> > >
> > >
> >
> System.EnterpriseServices.ServicedComponentProxyAttribute.CreateInstance(Typ
> > e
> > > serverType) +181
> > >
> > >
> >
> System.Runtime.Remoting.Activation.ActivationServices.IsCurrentContextOK(Typ
> > e
> > > serverType, Object[] props, Boolean bNewObj) +74
> > > DPAPIWeb.WebForm1.btnEncrypt_Click(Object sender, EventArgs e) in
> > > c:\documents and settings\bill
> > > heckle\vswebcache\billfun\dpapiweb\webform1.aspx.cs:61
> > > System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
> > >
> > >
> >
> System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePo
> > stBackEvent(String eventArgument) +57
> > > System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
> > > sourceControl, String eventArgument) +18
> > > System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
> +33
> > > System.Web.UI.Page.ProcessRequestMain() +1277
> > >
> > >
> > >
> > >
> >
> >
>
>
>

Quantcast