Jason Duckers #1
DPAPI failing with user store (revisited)
First of all, apologies if I am repeating posts, but I am yet to find a
satisfactory conclusion...
I have followed these procedures to the letter and have run into problems:
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT09.asp[/url]
The encryption and decryption work fine on my dev machine utilising a
domain user account, but when I transferred my app to another server things
went wrong; the decryption is failing...
The error thrown is as follows:
Exception decrypting. Exception decrypting. Decryption failed. Key not valid
for use in specified state.
This would suggest to me that the machine store method is being utilised
rather than the user store, but this is definitely not the case...
Thank you very much in advance for any help...
- jd
-
Dominick Baier #2
DPAPI failing with user store (revisited)
You can't use UserStore in an ASP.NET application -
the DPAPI key for users is stored in the user's profile. ASP.NET does not load the user profile for performance reasons (there is a LoadProfile Win32 API - but it requires SYSTEM privs). So - you have to use the MachineStore.
Dominick Baier - DevelopMentor
[url]http://www.leastprivilege.com[/url]
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<A6AD0F2D-9A27-4BFB-879C-65B27D273D7B@microsoft.com>
-
Jason Duckers #3
RE: DPAPI failing with user store (revisited)
Did you read the article in my link? That is precisely why the DPAPI is
called from a serviced component which runs under a known domain user account.
"Dominick Baier" wrote:
> You can't use UserStore in an ASP.NET application -
>
> the DPAPI key for users is stored in the user's profile. ASP.NET does not load the user profile for performance reasons (there is a LoadProfile Win32 API - but it requires SYSTEM privs). So - you have to use the MachineStore.
>
> Dominick Baier - DevelopMentor
> [url]http://www.leastprivilege.com[/url]
-
Dominick Baier #4
RE: DPAPI failing with user store (revisited)
No... but this is the usual workaround - COM+ does load user profiles...
In Whidbey we have the remoting IPC channel, which is a nice alternative to Enterprise Services...
Dominick - DevelopMentor
[url]http://www.leastprivilege.com[/url]
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<04B5C3D2-735D-444F-8C2B-97844FBF8DC4@microsoft.com>
-
Jason Duckers #5
RE: DPAPI failing with user store (revisited)
OK, sure thing... sounds good.
I have spent quite a bit of time getting to where I am right now using DPAPI
from a serviced component...
I only really want to change tactics if I really have to, like it ain't gonna
work... but thanks for the info.
"Dominick Baier" wrote:
> No... but this is the usual workaround - COM+ does load user profiles...
>
> In Whidbey we have the remoting IPC channel, which is a nice alternative to Enterprise Services...
>
> Dominick - DevelopMentor
> [url]http://www.leastprivilege.com[/url]
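A diagnostic for the user-store versus machine-store question discussed in this thread, as an added example that is not from any poster or from the MSDN article: it reports the identity the code runs as, whether that account's profile is loaded, and whether a DPAPI round trip works in each scope. The names `DpapiProbe`, `RoundTrip` and `ProfileLoaded` are hypothetical; it assumes Windows and the .NET 2.0 (Whidbey) `ProtectedData` class.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using Microsoft.Win32;

// Added diagnostic, not code from the thread; class and method names are hypothetical.
public static class DpapiProbe
{
    const string Sample = "constructed sample secret";

    // Protects and unprotects a constructed sample in the given scope.
    // Returns "ok", "mismatch", or the CryptographicException message.
    public static string RoundTrip(DataProtectionScope scope)
    {
        byte[] clear = Encoding.UTF8.GetBytes(Sample);
        try
        {
            byte[] blob = ProtectedData.Protect(clear, null, scope);
            byte[] back = ProtectedData.Unprotect(blob, null, scope);
            return Encoding.UTF8.GetString(back) == Sample ? "ok" : "mismatch";
        }
        catch (CryptographicException ex)
        {
            return "failed: " + ex.Message;
        }
    }

    // The per-user registry hive HKEY_USERS\<SID> is mounted only while
    // that account's profile is loaded, so its presence is used as the check.
    public static bool ProfileLoaded(WindowsIdentity id)
    {
        using (RegistryKey hive = Registry.Users.OpenSubKey(id.User.Value))
        {
            return hive != null;
        }
    }

    public static void Main()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        Console.WriteLine("Identity:       " + id.Name);
        Console.WriteLine("Profile loaded: " + ProfileLoaded(id));
        Console.WriteLine("CurrentUser:    " + RoundTrip(DataProtectionScope.CurrentUser));
        Console.WriteLine("LocalMachine:   " + RoundTrip(DataProtectionScope.LocalMachine));
    }
}
```

Run it under the same account and host process as the component that calls DPAPI. A blob protected in `CurrentUser` scope can only be unprotected where that account's profile, and the master key stored in it, is available.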




