8

In our IdentityManager class we have the following line:

protectionProvider = new DpapiDataProtectionProvider("OurProduct"); 

What is the implication of that last parameter, and does it have any correlation to how the site is set up on IIS?

Background: We've been deploying an MVC5 site with a custom IdentityManager class to a validation environment for a long time without hassles, and now we're getting the following issue when attempting to reset user passwords:

System.Security.Cryptography.CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating. 

Some solutions are described in the following thread: Generating reset password token does not work in Azure Website

Everything is located on the same machine: IIS, Sql Server, Firefox test browser.

Unfortunately I don't have a full grasp of the concepts and I'm trying to figure out how the test environment has changed in order to trigger this issue where it's never happened before?

1
  • ps. We removed the problem by changing IIS settings on the target machines. Find the app pool, open Advanced Settings and change Load User Profile to true. I won't use this as the answer to this question, because that wasn't the question. Commented Oct 27, 2016 at 8:07

1 Answer

2

Since I came here looking for this and there were no answers, I decided to take a look at the code. It looks like DataProtector.cs uses the application name (along with the primary purpose and specific purposes) to create a SHA-256 hash.

Since a hash is a one way street, it should be pretty safe to put whatever you want in there. I'd imagine the more complex would be better, but the name of the app should be fine.

Hope this helps for anyone else that's overly paranoid.


2 Comments

This is not a hash; this is an encryption mechanism that provides you the ability to decrypt the data.
It's been a while since I've looked at this. When I have time I'll take another look.
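
The effect of the app name can be checked directly. The following is an added example, not code from the question or the answer: it protects a value under "OurProduct" and then tries to unprotect it with providers built from the same and from a different name. It assumes Windows, the Microsoft.Owin.Security package and an account whose user profile is loaded; the purpose string, the second app name and the token bytes are constructed for the demo.

```csharp
// Added example (not from the original thread). Requires Windows and the
// Microsoft.Owin.Security NuGet package; run under an account whose user
// profile is loaded, otherwise Protect throws the exception from the question.
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Owin.Security.DataProtection;

static class AppNameDemo
{
    // Constructed purpose string for this demo, not taken from the question.
    const string Purpose = "PasswordResetDemo";

    // Returns true and the recovered text if the protector can reverse the blob.
    static bool TryUnprotect(IDataProtector protector, byte[] blob, out string text)
    {
        try
        {
            text = Encoding.UTF8.GetString(protector.Unprotect(blob));
            return true;
        }
        catch (CryptographicException)
        {
            // DPAPI rejects the blob when the name or purposes differ.
            text = null;
            return false;
        }
    }

    static void Main()
    {
        byte[] token = Encoding.UTF8.GetBytes("constructed-reset-token");

        // Same name as in the question, plus one constructed mismatch.
        IDataProtector ours = new DpapiDataProtectionProvider("OurProduct").Create(Purpose);
        IDataProtector sameName = new DpapiDataProtectionProvider("OurProduct").Create(Purpose);
        IDataProtector otherName = new DpapiDataProtectionProvider("OtherProduct").Create(Purpose);

        byte[] blob = ours.Protect(token);

        string text;
        bool sameOk = TryUnprotect(sameName, blob, out text);
        Console.WriteLine("same app name:  " + sameOk + (sameOk ? " -> " + text : ""));
        Console.WriteLine("other app name: " + TryUnprotect(otherName, blob, out text));
    }
}
```

Because the name is part of what the blob is bound to, changing the string in a deployed site invalidates any reset tokens already issued under the old name.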
