DPAPI (Machine Store) Access Denied Problem.

Discussion in 'ASP .Net Security' started by Sachin Chavan, May 10, 2006.

  1. Hi,

    I am using DPAPI for encrypting and decrypting my connection string.

    What i hv did is created a dll assembly which calls win32 API's
    CryptProtectData & CryptUnprotectData and in turn windows app and web app
    calls this dll assembly for encrypting and decrypting data respectively.

    Now, when i developed code and tested it on WinXP SP2 everything works
    perfectly fine.
    But, when i deployed these things to production server running windows 2003,
    what happened is I was able to encrypt the data with windows app but my web
    app started giving Access denied error for the data protection dll which i
    created for encrytion 'n' decryption.

    Surely i guess the problem is that ASP.Net user is not having privilage to
    run the unmanged code and that is causing the problem. Also impersonation is
    set to true in my web.config so i guess the dll is running under the Acess
    permission of the guest user.

    Please guide me out this problem.

    Thanks
    Sachin.
     
    Sachin Chavan, May 10, 2006
    #1
    1. Advertising

  2. Hello,

    As you suspect, the problem may be a issue with code access security or
    ASP.NET security. I suggest you may first grant the assembly (the data
    protection dll ) with full trust security. (In Administrator
    tools/Microsoft .NET framework 2.0 configration). And, change the
    application pool's identity to a local administrator, (you may temporarily
    disable impersonate) to see if this will work.

    Regards,

    Luke Zhang
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Luke Zhang [MSFT], May 11, 2006
    #2
    1. Advertising

  3. "Luke Zhang [MSFT]" wrote:

    > Hello,
    >
    > As you suspect, the problem may be a issue with code access security or
    > ASP.NET security. I suggest you may first grant the assembly (the data
    > protection dll ) with full trust security. (In Administrator
    > tools/Microsoft .NET framework 2.0 configration). And, change the
    > application pool's identity to a local administrator, (you may temporarily
    > disable impersonate) to see if this will work.
    >
    > Regards,
    >
    > Luke Zhang
    > Microsoft Online Community Support
    >
    > ==================================================
    > When responding to posts, please "Reply to Group" via your newsreader so
    > that others may learn and benefit from your issue.
    > ==================================================
    >
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
     
    Sachin Chavan, May 11, 2006
    #3
  4. Hi Luke,

    I am using .Net fwk 1.1. I guess u suggested solution for 2.0 fwk.

    Plz, suggest some solution for .Net 1.1 fwk.

    "Luke Zhang [MSFT]" wrote:

    > Hello,
    >
    > As you suspect, the problem may be a issue with code access security or
    > ASP.NET security. I suggest you may first grant the assembly (the data
    > protection dll ) with full trust security. (In Administrator
    > tools/Microsoft .NET framework 2.0 configration). And, change the
    > application pool's identity to a local administrator, (you may temporarily
    > disable impersonate) to see if this will work.
    >
    > Regards,
    >
    > Luke Zhang
    > Microsoft Online Community Support
    >
    > ==================================================
    > When responding to posts, please "Reply to Group" via your newsreader so
    > that others may learn and benefit from your issue.
    > ==================================================
    >
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
     
    Sachin Chavan, May 11, 2006
    #4
  5. well - do you get "Access Denied" or a SecurityException "request for SecurityPermission
    failed" or similar??

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello,
    >
    > As you suspect, the problem may be a issue with code access security
    > or ASP.NET security. I suggest you may first grant the assembly (the
    > data protection dll ) with full trust security. (In Administrator
    > tools/Microsoft .NET framework 2.0 configration). And, change the
    > application pool's identity to a local administrator, (you may
    > temporarily disable impersonate) to see if this will work.
    >
    > Regards,
    >
    > Luke Zhang
    > Microsoft Online Community Support
    > ==================================================
    > When responding to posts, please "Reply to Group" via your newsreader
    > so
    > that others may learn and benefit from your issue.
    > ==================================================
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Dominick Baier [DevelopMentor], May 11, 2006
    #5
  6. Hello,

    ..NET Framework 1.1 also has the configration tool which named "Microsoft
    ..NET framework 1.1 configration" in the administrtive tools.

    Regards,

    Luke Zhang
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Luke Zhang [MSFT], May 12, 2006
    #6
  7. Hi Dominick,

    I get an Access Denied error, it reads somwhat like this "Access Denied
    DataProtection", where the DataProtection is the dll assembly which calls the
    DPAPI's win32 API's
    CryptProtectData & CryptUnprotectData.



    "Dominick Baier [DevelopMentor]" wrote:

    > well - do you get "Access Denied" or a SecurityException "request for SecurityPermission
    > failed" or similar??
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hello,
    > >
    > > As you suspect, the problem may be a issue with code access security
    > > or ASP.NET security. I suggest you may first grant the assembly (the
    > > data protection dll ) with full trust security. (In Administrator
    > > tools/Microsoft .NET framework 2.0 configration). And, change the
    > > application pool's identity to a local administrator, (you may
    > > temporarily disable impersonate) to see if this will work.
    > >
    > > Regards,
    > >
    > > Luke Zhang
    > > Microsoft Online Community Support
    > > ==================================================
    > > When responding to posts, please "Reply to Group" via your newsreader
    > > so
    > > that others may learn and benefit from your issue.
    > > ==================================================
    > > (This posting is provided "AS IS", with no warranties, and confers no
    > > rights.)
    > >

    >
    >
    >
     
    Sachin Chavan, May 12, 2006
    #7
  8. ok i guess we need the full exception +stack trace

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Dominick,
    >
    > I get an Access Denied error, it reads somwhat like this "Access
    > Denied DataProtection", where the DataProtection is the dll assembly
    > which calls the DPAPI's win32 API's CryptProtectData &
    > CryptUnprotectData.
    >
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> well - do you get "Access Denied" or a SecurityException "request for
    >> SecurityPermission failed" or similar??
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hello,
    >>>
    >>> As you suspect, the problem may be a issue with code access security
    >>> or ASP.NET security. I suggest you may first grant the assembly (the
    >>> data protection dll ) with full trust security. (In Administrator
    >>> tools/Microsoft .NET framework 2.0 configration). And, change the
    >>> application pool's identity to a local administrator, (you may
    >>> temporarily disable impersonate) to see if this will work.
    >>>
    >>> Regards,
    >>>
    >>> Luke Zhang
    >>> Microsoft Online Community Support
    >>> ==================================================
    >>> When responding to posts, please "Reply to Group" via your
    >>> newsreader
    >>> so
    >>> that others may learn and benefit from your issue.
    >>> ==================================================
    >>> (This posting is provided "AS IS", with no warranties, and confers
    >>> no
    >>> rights.)
     
    Dominick Baier [DevelopMentor], May 12, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Martin

    DPAPI Service Start access is denied

    Martin, Sep 6, 2004, in forum: ASP .Net Security
    Replies:
    5
    Views:
    196
    Martin
    Sep 10, 2004
  2. Martin

    Further DPAPI (user store) problems

    Martin, Sep 12, 2004, in forum: ASP .Net Security
    Replies:
    8
    Views:
    182
    Martin
    Sep 22, 2004
  3. omar

    DPAPI User Store Does Not Work as advertised

    omar, Nov 17, 2004, in forum: ASP .Net Security
    Replies:
    6
    Views:
    210
    Patricio Jutard
    Nov 20, 2004
  4. Jason Duckers

    DPAPI failing with user store (revisited)

    Jason Duckers, Jan 27, 2005, in forum: ASP .Net Security
    Replies:
    0
    Views:
    126
    Jason Duckers
    Jan 27, 2005
  5. Dominick Baier

    DPAPI failing with user store (revisited)

    Dominick Baier, Jan 27, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    122
    Jason Duckers
    Jan 28, 2005
Loading...

Share This Page