Re: AcquireContext call fails on some users only

From: Ryan Menezes [MSFT] (ryanmen_at_online.microsoft.com)
Date: 03/26/04

Next message: Michel Gallant: "Re: Base 64 to PUBLICKEYBLOB"
Previous message: Jim: "AcquireContext call fails on some users only"
In reply to: Jim: "AcquireContext call fails on some users only"
Next in thread: Jim: "Re: AcquireContext call fails on some users only"
Reply: Jim: "Re: AcquireContext call fails on some users only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 25 Mar 2004 15:36:39 -0800

What is the result of GetLastError() ?

User containers should work just fine. However if you created the machine
container with the local user and tried to access it as another user (domain
user in your case), it will fail the ACL check. It is probably going to say
NTE_BAD_KEYSET (CRYPT_MACHINE_KEYSET) and NTE_EXISTS (CRYPT_NEWKEYSET |
CRYPT_MACHINE_KEYSET) for the second user

-- 
Thanks,
Ryan Menezes [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jim" <anonymous@discussions.microsoft.com> wrote in message
news:1393601c412bf$5959d710$a401280a@phx.gbl...
> Hello,
>
> I'm having a problem with CryptAcquireContext
> (with "Microsoft Base
> Cryptographic Provider v1.0") in XP on the SAME machine
> but different
> users.
>
> It succeeds when the user logs onto the local machine
> accout.
> But when the user logs onto a network account,
> CryptAcquireContext
> fails.
>
> I'm using PROV_RSA_FULL (1) for the provType parameter,
> (CRYPT_NEWKEYSET or CRYPT_MACHINE_KEYSET) for the flags
> parameter,
> and a 12 character, null-term string for the container
> parameter.
>
> Any ideas on this?  Thanks for any help.
>
> Jim

Next message: Michel Gallant: "Re: Base 64 to PUBLICKEYBLOB"
Previous message: Jim: "AcquireContext call fails on some users only"
In reply to: Jim: "AcquireContext call fails on some users only"
Next in thread: Jim: "Re: AcquireContext call fails on some users only"
Reply: Jim: "Re: AcquireContext call fails on some users only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Basic questions about CryptAcquireContext and thread safety
... As each server thread starts, CryptAcquireContext() is invoked with a NULL container name and the CRYPT_VERIFYCONTEXT bit in order to create a HCRYPTPROV for the thread. ... Is it safe to call CryptAcquireContext/CryptReleaseContext within the scope of a function, without disturbing or overwriting cryptographic information associated with other HCRYPTPROV handles in that thread? ...
(microsoft.public.platformsdk.security)
Re: RSA Encryption without Session Keys - (I know its a bad idea)
... CryptAcquireContext. ... container which is gone when you call CryptReleaseContext, ... "Mounir IDRASSI" wrote: ... If you want to do encryption, you certainly have only the certificate ...
(microsoft.public.platformsdk.security)
CryptGetUserKey fails with 8009000d
... I have written a Active X DLL in VB to take care of some cryptography ... The first problem I had was getting CryptAcquireContext to work on the ... ' try to acquire the existing container ... account that is logged in then I don't need to use ...
(microsoft.public.platformsdk.security)
Re: Acquiring private key
... What you don't simply use HCRYPTPROV you get from the first ... CryptAcquireContext, then CryptGetUserKey, then retrieves the certificate ... > If you want to access the private key of a smart card from a service, ... > container name), then enumerate all the containers in order to choose ...
(microsoft.public.platformsdk.security)
Re: Application requirement for persistent key pairs
... You can import key pairs, ... protect their storage medium as you see fit. ... I need to CryptAcquireContext with the flag CRYPT_MACHINE_KEYSET as I will ... If I name my container something appropriate for my application to access ...
(microsoft.public.platformsdk.security)