RE: DPAPI failing with user store (revisited)

From: Jason Duckers (JasonDuckers_at_discussions.microsoft.com)
Date: 01/28/05

• Next message: Joe Rigley: "Seamless Login Page with ASP Dotnet"
• Previous message: Dominick Baier: "RE: DPAPI failing with user store (revisited)"
• In reply to: Dominick Baier: "RE: DPAPI failing with user store (revisited)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 28 Jan 2005 04:59:02 -0800

ok sure thing...sounds good

i have spent quite a bit fo time getting to where i am right now using dpapi
from a serviced component...

i only really want to change tactics if i really have to, like it aint gonna
work...but thanks for the info

"Dominick Baier" wrote:

> no..but this is the usual workaround - COM+ does load User Profiles...
>
> In whidbey we have the remoting IPC channel which is a nice alternative to Enterprise Services...
>
> Dominick - DevelopMentor
> http://www.leastprivilege.com
>
> nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<04B5C3D2-735D-444F-8C2B-97844FBF8DC4@microsoft.com>
>
> did you read the article in my link? that is precisely why the dpapi is
> called from a serviced component which runs under a known domain user account
>
>
> "Dominick Baier" wrote:
>
> > you can't use UserStore in an ASP.NET application -
> >
> > the DPAPI key for users is stored in the users' profile. ASP.NET does not load the userprofile for performance reasons (there is a LoadProfile win32 API - but it requires SYSTEM privs). so - you have to use the MachineStore.
> >
> > Dominick Baier - DevelopMentor
> > http://www.leastprivilege.com
> >
> > nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/>
> >
> > first of all apologies if i am repeating posts but i am yet to find a
> > satisfactory conclusion...
> >
> > i have followed these procedures to the letter and have ran into problems : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT09.asp
> >
> > the encryption and decrpytion works fine on my dev machine utilising a
> > domain user account but when i transfered my app to another server things
> > went wrong, the decrytption is failing...
> >
> > the error thrown is as follows :
> >
> > Exception decrypting. Exception decrypting. Decryption failed. Key not valid
> > for use in specified state.
> >
> > this would suggest to me that the machine store method is being utilised
> > rather that the user store but this is definately not the case...
> >
> > thank you very much in advance for any help...
> >
> > - jd
> >
> > [microsoft.public.dotnet.framework.aspnet.security]
> >
>
> [microsoft.public.dotnet.framework.aspnet.security]
>

• Next message: Joe Rigley: "Seamless Login Page with ASP Dotnet"
• Previous message: Dominick Baier: "RE: DPAPI failing with user store (revisited)"
• In reply to: Dominick Baier: "RE: DPAPI failing with user store (revisited)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages DPAPI failing with user store (revisited) ... domain user account but when i transfered my app to another server things ... Exception decrypting. ... this would suggest to me that the machine store method is being utilised ... (microsoft.public.dotnet.framework.aspnet.security) DPAPI failing with user store (revisited) ... domain user account but when i transfered my app to another server things ... Exception decrypting. ... this would suggest to me that the machine store method is being utilised ... (microsoft.public.dotnet.framework.aspnet.security) RE: DPAPI failing with user store (revisited) ... called from a serviced component which runs under a known domain user account ... "Dominick Baier" wrote: ... > Exception decrypting. ... (microsoft.public.dotnet.framework.aspnet.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint