DPAPI Exception Decrypting across domain

PK9

Hi, I'm using the DPAPI to encrypt and decrypt data that is passed between
computers on a domain. The system has a presentation tier server (domain
controller), web services tier server and a database server. I am encrypting
data from the presentation tier which is sent to the web services tier via
SOAP headers. The SOAP header data is then decrypted on the web services
tier, or at least that's what I'm trying to do... This all works fine on the
development machine where all three tiers are on one computer. I am trying
to deploy this on the test servers and am getting the following error:
"Exception Decrypting. Decryption Failed. Key not valid for use in
specified state." The dataprotecter class of the
Microsoft.applicationBlocks.data is throwing this exception. I am using
Store.Machine. I have learned from research that the data is encrypted based
on the computer GUID so I'm sure the seed will be different between the two
servers. I also have delegation turned on in Active Directory between the
domain controller and the other domain controller. Is there anything else I
am missing to be able to share the key between computers on a domain? Any
help is appreciated.
Thanks!
 
Dominick Baier [DevelopMentor]

Hello PK9,

If you use the Machine Store you can only decrypt on the machine where you
encrypted.

ASP.NET can't use the user store as there is no profile loaded for the account
ASP.NET runs under.

If you want to use DPAPI using a specific user - factor out the encryption/decryption
logic in a ServicedComponent (Enterprise Services).
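
The machine-store behaviour described in this answer, as an added example that is not part of the original thread: a C# sketch using .NET's `System.Security.Cryptography.ProtectedData` rather than the application block class from the question. The `MachineBoundBlob` helper and its envelope format are hypothetical; it tags each blob with the encrypting machine's name so the receiving tier can report the mismatch clearly instead of surfacing the opaque "Key not valid" error.

```csharp
using System;
using System.Security.Cryptography;   // ProtectedData (System.Security.dll on .NET Framework)
using System.Text;

// Hypothetical helper: wraps a LocalMachine-scope DPAPI blob with the name of
// the machine that produced it. The name is a diagnostic hint, not a secret.
static class MachineBoundBlob
{
    public static string Protect(string plaintext)
    {
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(plaintext), null, DataProtectionScope.LocalMachine);
        return Environment.MachineName + "|" + Convert.ToBase64String(blob);
    }

    public static string Unprotect(string envelope)
    {
        int sep = envelope.IndexOf('|');
        if (sep < 0) throw new FormatException("Envelope has no origin prefix.");
        string origin = envelope.Substring(0, sep);
        byte[] blob = Convert.FromBase64String(envelope.Substring(sep + 1));

        // Fail early with a clear message when the blob came from another host:
        // a machine-store blob can only be decrypted where it was encrypted.
        if (!string.Equals(origin, Environment.MachineName, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                "Blob was protected on '" + origin + "' and cannot be decrypted on '" +
                Environment.MachineName + "'.");
        try
        {
            return Encoding.UTF8.GetString(
                ProtectedData.Unprotect(blob, null, DataProtectionScope.LocalMachine));
        }
        catch (CryptographicException ex)
        {
            // Prefix was altered or the blob is damaged; DPAPI itself refuses it.
            throw new InvalidOperationException("DPAPI rejected the blob.", ex);
        }
    }

    static void Main()
    {
        string envelope = Protect("constructed sample value");
        Console.WriteLine(Unprotect(envelope));          // same machine: round-trips
        // Constructed foreign envelope: same blob, different origin name.
        string foreign = "OTHERHOST" + envelope.Substring(envelope.IndexOf('|'));
        try { Unprotect(foreign); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```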
 
