Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > DPAPI (Machine Store) Access Denied Problem.

Reply
Thread Tools

DPAPI (Machine Store) Access Denied Problem.

 
 
Sachin Chavan
Guest
Posts: n/a
 
      05-10-2006
Hi,

I am using DPAPI for encrypting and decrypting my connection string.

What i hv did is created a dll assembly which calls win32 API's
CryptProtectData & CryptUnprotectData and in turn windows app and web app
calls this dll assembly for encrypting and decrypting data respectively.

Now, when i developed code and tested it on WinXP SP2 everything works
perfectly fine.
But, when i deployed these things to production server running windows 2003,
what happened is I was able to encrypt the data with windows app but my web
app started giving Access denied error for the data protection dll which i
created for encrytion 'n' decryption.

Surely i guess the problem is that ASP.Net user is not having privilage to
run the unmanged code and that is causing the problem. Also impersonation is
set to true in my web.config so i guess the dll is running under the Acess
permission of the guest user.

Please guide me out this problem.

Thanks
Sachin.
 
Reply With Quote
 
 
 
 
Luke Zhang [MSFT]
Guest
Posts: n/a
 
      05-11-2006
Hello,

As you suspect, the problem may be a issue with code access security or
ASP.NET security. I suggest you may first grant the assembly (the data
protection dll ) with full trust security. (In Administrator
tools/Microsoft .NET framework 2.0 configration). And, change the
application pool's identity to a local administrator, (you may temporarily
disable impersonate) to see if this will work.

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
 
Sachin Chavan
Guest
Posts: n/a
 
      05-11-2006


"Luke Zhang [MSFT]" wrote:

> Hello,
>
> As you suspect, the problem may be a issue with code access security or
> ASP.NET security. I suggest you may first grant the assembly (the data
> protection dll ) with full trust security. (In Administrator
> tools/Microsoft .NET framework 2.0 configration). And, change the
> application pool's identity to a local administrator, (you may temporarily
> disable impersonate) to see if this will work.
>
> Regards,
>
> Luke Zhang
> Microsoft Online Community Support
>
> ==================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ==================================================
>
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

 
Reply With Quote
 
Sachin Chavan
Guest
Posts: n/a
 
      05-11-2006
Hi Luke,

I am using .Net fwk 1.1. I guess u suggested solution for 2.0 fwk.

Plz, suggest some solution for .Net 1.1 fwk.

"Luke Zhang [MSFT]" wrote:

> Hello,
>
> As you suspect, the problem may be a issue with code access security or
> ASP.NET security. I suggest you may first grant the assembly (the data
> protection dll ) with full trust security. (In Administrator
> tools/Microsoft .NET framework 2.0 configration). And, change the
> application pool's identity to a local administrator, (you may temporarily
> disable impersonate) to see if this will work.
>
> Regards,
>
> Luke Zhang
> Microsoft Online Community Support
>
> ==================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ==================================================
>
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      05-11-2006
well - do you get "Access Denied" or a SecurityException "request for SecurityPermission
failed" or similar??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hello,
>
> As you suspect, the problem may be a issue with code access security
> or ASP.NET security. I suggest you may first grant the assembly (the
> data protection dll ) with full trust security. (In Administrator
> tools/Microsoft .NET framework 2.0 configration). And, change the
> application pool's identity to a local administrator, (you may
> temporarily disable impersonate) to see if this will work.
>
> Regards,
>
> Luke Zhang
> Microsoft Online Community Support
> ==================================================
> When responding to posts, please "Reply to Group" via your newsreader
> so
> that others may learn and benefit from your issue.
> ==================================================
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>



 
Reply With Quote
 
Luke Zhang [MSFT]
Guest
Posts: n/a
 
      05-12-2006
Hello,

..NET Framework 1.1 also has the configration tool which named "Microsoft
..NET framework 1.1 configration" in the administrtive tools.

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Sachin Chavan
Guest
Posts: n/a
 
      05-12-2006
Hi Dominick,

I get an Access Denied error, it reads somwhat like this "Access Denied
DataProtection", where the DataProtection is the dll assembly which calls the
DPAPI's win32 API's
CryptProtectData & CryptUnprotectData.



"Dominick Baier [DevelopMentor]" wrote:

> well - do you get "Access Denied" or a SecurityException "request for SecurityPermission
> failed" or similar??
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hello,
> >
> > As you suspect, the problem may be a issue with code access security
> > or ASP.NET security. I suggest you may first grant the assembly (the
> > data protection dll ) with full trust security. (In Administrator
> > tools/Microsoft .NET framework 2.0 configration). And, change the
> > application pool's identity to a local administrator, (you may
> > temporarily disable impersonate) to see if this will work.
> >
> > Regards,
> >
> > Luke Zhang
> > Microsoft Online Community Support
> > ==================================================
> > When responding to posts, please "Reply to Group" via your newsreader
> > so
> > that others may learn and benefit from your issue.
> > ==================================================
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >

>
>
>

 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      05-12-2006
ok i guess we need the full exception +stack trace

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi Dominick,
>
> I get an Access Denied error, it reads somwhat like this "Access
> Denied DataProtection", where the DataProtection is the dll assembly
> which calls the DPAPI's win32 API's CryptProtectData &
> CryptUnprotectData.
>
> "Dominick Baier [DevelopMentor]" wrote:
>
>> well - do you get "Access Denied" or a SecurityException "request for
>> SecurityPermission failed" or similar??
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> Hello,
>>>
>>> As you suspect, the problem may be a issue with code access security
>>> or ASP.NET security. I suggest you may first grant the assembly (the
>>> data protection dll ) with full trust security. (In Administrator
>>> tools/Microsoft .NET framework 2.0 configration). And, change the
>>> application pool's identity to a local administrator, (you may
>>> temporarily disable impersonate) to see if this will work.
>>>
>>> Regards,
>>>
>>> Luke Zhang
>>> Microsoft Online Community Support
>>> ==================================================
>>> When responding to posts, please "Reply to Group" via your
>>> newsreader
>>> so
>>> that others may learn and benefit from your issue.
>>> ==================================================
>>> (This posting is provided "AS IS", with no warranties, and confers
>>> no
>>> rights.)



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Very annoying error: Access to the path is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity Jay ASP .Net 2 08-20-2007 07:38 PM
DPAPI - decrypt error: Decryption failed. Key not valid for use in specified state. BigLuzer ASP .Net 1 11-21-2006 04:05 PM
403 Forbidden: You were denied access because: Access denied by access control list Southern Kiwi NZ Computing 6 03-19-2006 05:19 AM
DPAPI Service Start access is denied Martin ASP .Net Security 5 09-10-2004 07:53 AM
DPAPI and connection string Kevin Cunningham ASP .Net Security 1 10-16-2003 06:04 PM



Advertisments