DPAPI (Machine Store) Access Denied Problem.

[Sachin Chavan]

Hi,

I am using DPAPI for encrypting and decrypting my connection string.

What i hv did is created a dll assembly which calls win32 API's
CryptProtectData & CryptUnprotectData and in turn windows app and web app
calls this dll assembly for encrypting and decrypting data respectively.

Now, when i developed code and tested it on WinXP SP2 everything works
perfectly fine.
But, when i deployed these things to production server running windows 2003,
what happened is I was able to encrypt the data with windows app but my web
app started giving Access denied error for the data protection dll which i
created for encrytion 'n' decryption.

Surely i guess the problem is that ASP.Net user is not having privilage to
run the unmanged code and that is causing the problem. Also impersonation is
set to true in my web.config so i guess the dll is running under the Acess
permission of the guest user.

Please guide me out this problem.

Thanks
Sachin.

 

[Luke Zhang [MSFT]]

Hello,

As you suspect, the problem may be a issue with code access security or
ASP.NET security. I suggest you may first grant the assembly (the data
protection dll ) with full trust security. (In Administrator
tools/Microsoft .NET framework 2.0 configration). And, change the
application pool's identity to a local administrator, (you may temporarily
disable impersonate) to see if this will work.

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Sachin Chavan]

Hello,

As you suspect, the problem may be a issue with code access security or
ASP.NET security. I suggest you may first grant the assembly (the data
protection dll ) with full trust security. (In Administrator
tools/Microsoft .NET framework 2.0 configration). And, change the
application pool's identity to a local administrator, (you may temporarily
disable impersonate) to see if this will work.

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Sachin Chavan]

Hi Luke,

I am using .Net fwk 1.1. I guess u suggested solution for 2.0 fwk.

Plz, suggest some solution for .Net 1.1 fwk.

 

[Dominick Baier [DevelopMentor]]

well - do you get "Access Denied" or a SecurityException "request for SecurityPermission
failed" or similar??

 

[Luke Zhang [MSFT]]

Hello,

..NET Framework 1.1 also has the configration tool which named "Microsoft
..NET framework 1.1 configration" in the administrtive tools.

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Sachin Chavan]

Hi Dominick,

I get an Access Denied error, it reads somwhat like this "Access Denied
DataProtection", where the DataProtection is the dll assembly which calls the
DPAPI's win32 API's
CryptProtectData & CryptUnprotectData.

 

[Dominick Baier [DevelopMentor]]

ok i guess we need the full exception +stack trace