DPAPI failing with user store (revisited)

Dominick Baier

you can't use UserStore in an ASP.NET application -

the DPAPI key for users is stored in the users' profile. ASP.NET does not load the user profile for performance reasons (there is a LoadProfile win32 API - but it requires SYSTEM privs). so - you have to use the MachineStore.

Dominick Baier - DevelopMentor
http://www.leastprivilege.com

nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<[email protected]>

first of all apologies if i am repeating posts but i am yet to find a
satisfactory conclusion...

i have followed these procedures to the letter and have run into problems: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT09.asp

the encryption and decryption works fine on my dev machine utilising a
domain user account but when i transferred my app to another server things
went wrong, the decryption is failing...

the error thrown is as follows :

Exception decrypting. Exception decrypting. Decryption failed. Key not valid
for use in specified state.

this would suggest to me that the machine store method is being utilised
rather than the user store but this is definitely not the case...

thank you very much in advance for any help...

- jd

[microsoft.public.dotnet.framework.aspnet.security]
 
Jason Duckers

did you read the article in my link? that is precisely why the dpapi is
called from a serviced component which runs under a known domain user account
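
Added example, not part of the original thread and not written by either poster: a small C# console check that round-trips a value through DPAPI under both the user store and the machine store, so the failing scope can be identified for the account it runs under. It assumes .NET 2.0 or later (the managed `ProtectedData` class rather than the P/Invoke wrapper used in the linked MSDN article); the secret and entropy values are constructed samples.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration, Windows only. Uses System.Security.Cryptography.ProtectedData
// (reference System.Security.dll on .NET Framework).
static class DpapiScopeDemo
{
    // Constructed sample values, not taken from the thread.
    static readonly byte[] Secret  = Encoding.UTF8.GetBytes("server=db01;uid=app;pwd=example");
    // Machine-store blobs can be unprotected by any process on the same machine,
    // so optional entropy is supplied to bind the blob to callers that know it.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("constructed-app-entropy");

    // Protect and unprotect under one scope; report the failure instead of throwing.
    static bool RoundTrip(DataProtectionScope scope, out string detail)
    {
        try
        {
            byte[] blob  = ProtectedData.Protect(Secret, Entropy, scope);
            byte[] plain = ProtectedData.Unprotect(blob, Entropy, scope);
            detail = "ok, blob length " + blob.Length;
            return Encoding.UTF8.GetString(plain) == Encoding.UTF8.GetString(Secret);
        }
        catch (CryptographicException ex)
        {
            // The thread attributes CurrentUser failures under ASP.NET to the
            // user profile not being loaded; the exception text is surfaced here.
            detail = ex.Message;
            return false;
        }
    }

    static void Main()
    {
        Console.WriteLine("Running as: " + Environment.UserName);
        foreach (DataProtectionScope scope in
                 new[] { DataProtectionScope.CurrentUser, DataProtectionScope.LocalMachine })
        {
            string detail;
            bool ok = RoundTrip(scope, out detail);
            Console.WriteLine("{0,-12} {1} ({2})", scope, ok ? "PASS" : "FAIL", detail);
        }
    }
}
```

Run it under the same identity as the component that calls DPAPI; a machine-store blob produced on one server is not expected to unprotect on a different one.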
 
