DPAPI failing with user store (revisited)
From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 01/27/05
- Next message: Ken Schaefer: "Re: Impersonation"
- Previous message: Jason Duckers: "DPAPI failing with user store (revisited)"
- Next in thread: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Reply: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Maybe reply: Dominick Baier: "RE: DPAPI failing with user store (revisited)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: microsoft.public.dotnet.framework.aspnet.security Date: Thu, 27 Jan 2005 02:58:01 -0800
you can't use UserStore in an ASP.NET application -
the DPAPI key for users is stored in the users' profile. ASP.NET does not load the userprofile for performance reasons (there is a LoadProfile win32 API - but it requires SYSTEM privs). so - you have to use the MachineStore.
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/ first of all apologies if i am repeating posts but i am yet to find a
satisfactory conclusion...
i have followed these procedures to the letter and have ran into problems : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT09.asp
the encryption and decrpytion works fine on my dev machine utilising a
domain user account but when i transfered my app to another server things
went wrong, the decrytption is failing...
the error thrown is as follows :
Exception decrypting. Exception decrypting. Decryption failed. Key not valid
for use in specified state.
this would suggest to me that the machine store method is being utilised
rather that the user store but this is definately not the case...
thank you very much in advance for any help...
- jd
[microsoft.public.dotnet.framework.aspnet.security]
Relevant Pages
... domain user account but when i transfered my app to another server things ... Exception decrypting. ... this would suggest to me that the machine store method is being utilised ...
(microsoft.public.dotnet.framework.aspnet.security)
... i have spent quite a bit fo time getting to where i am right now using dpapi ... > called from a serviced component which runs under a known domain user account ... >> Exception decrypting. ...
(microsoft.public.dotnet.framework.aspnet.security)
... called from a serviced component which runs under a known domain user account ... "Dominick Baier" wrote: ... > Exception decrypting. ...
(microsoft.public.dotnet.framework.aspnet.security)
... called from a serviced component which runs under a known domain user account ... > Exception decrypting. ... > this would suggest to me that the machine store method is being utilised ...
(microsoft.public.dotnet.framework.aspnet.security)
