RE: DPAPI failing with user store (revisited)
From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 01/28/05
- Next message: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Previous message: johnny: "calling ADSI objects from WebApplication"
- Maybe in reply to: Dominick Baier: "DPAPI failing with user store (revisited)"
- Next in thread: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Reply: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: microsoft.public.dotnet.framework.aspnet.security Date: Fri, 28 Jan 2005 02:10:17 -0800
no..but this is the usual workaround - COM+ does load User Profiles...
In whidbey we have the remoting IPC channel which is a nice alternative to Enterprise Services...
Dominick - DevelopMentor
http://www.leastprivilege.com
did you read the article in my link? that is precisely why the dpapi is
called from a serviced component which runs under a known domain user account
"Dominick Baier" wrote:
> you can't use UserStore in an ASP.NET application -
>
> the DPAPI key for users is stored in the users' profile. ASP.NET does not load the userprofile for performance reasons (there is a LoadProfile win32 API - but it requires SYSTEM privs). so - you have to use the MachineStore.
>
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/
>
> first of all apologies if i am repeating posts but i am yet to find a
> satisfactory conclusion...
>
> i have followed these procedures to the letter and have ran into problems : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT09.asp
>
> the encryption and decrpytion works fine on my dev machine utilising a
> domain user account but when i transfered my app to another server things
> went wrong, the decrytption is failing...
>
> the error thrown is as follows :
>
> Exception decrypting. Exception decrypting. Decryption failed. Key not valid
> for use in specified state.
>
> this would suggest to me that the machine store method is being utilised
> rather that the user store but this is definately not the case...
>
> thank you very much in advance for any help...
>
> - jd
>
> [microsoft.public.dotnet.framework.aspnet.security]
>
[microsoft.public.dotnet.framework.aspnet.security]
- Next message: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Previous message: johnny: "calling ADSI objects from WebApplication"
- Maybe in reply to: Dominick Baier: "DPAPI failing with user store (revisited)"
- Next in thread: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Reply: Jason Duckers: "RE: DPAPI failing with user store (revisited)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
