What is the default registry location that is used for the registry key ring for ASP.NET Core Data Protection system Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Come Celebrate our 10 Year Anniversary!Best way to add HKCU keys and values for all existing users and all new users?Anyone have a script to delete a specific local windows profile?The User Profile Service Failed the Logon. User Profile Cannot Be LoadedGPP and Windows7 Registry VirtualStoreI Deleted my own SID from the RegistryHow to Export a Registry HIVE (NTUSER.DAT) in PowerShellDisable Visual Effects for Windows 8.1 Virtual DesktopAcess remotely to registry with PowershellWhy is my domain account's registry hive being unloaded?What is causing these multiple HKUSID entries in the registry on my terminal server?
How can I set the aperture on my DSLR when it's attached to a telescope instead of a lens?
Why can't I install Tomboy in Ubuntu Mate 19.04?
Most bit efficient text communication method?
What do you call the main part of a joke?
What are the discoveries that have been possible with the rejection of positivism?
sinunitx package
Has negative voting ever been officially implemented in elections, or seriously proposed, or even studied?
How many morphisms from 1 to 1+1 can there be?
Which languages to learn for historical linguistics?
Is there any word for a place full of confusion?
Putting class ranking in CV, but against dept guidelines
Crossing US/Canada Border for less than 24 hours
preposition before coffee
Karn, the Great Creator - what defines a 'card from outside the game' in sealed?
If the probability of a dog barking one or more times in a given hour is 84%, then what is the probability of a dog barking in 30 minutes?
What does it mean that physics no longer uses mechanical models to describe phenomena?
How can I prevent/balance waiting and turtling as a response to cooldown mechanics
Significance of Cersei's obsession with elephants?
Random body shuffle every night—can we still function?
Trademark violation for app?
How would a mousetrap for use in space work?
Prove that BD bisects angle ABC
Dynamic filling of a region of a polar plot
An adverb for when you're not exaggerating
What is the default registry location that is used for the registry key ring for ASP.NET Core Data Protection system
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Best way to add HKCU keys and values for all existing users and all new users?Anyone have a script to delete a specific local windows profile?The User Profile Service Failed the Logon. User Profile Cannot Be LoadedGPP and Windows7 Registry VirtualStoreI Deleted my own SID from the RegistryHow to Export a Registry HIVE (NTUSER.DAT) in PowerShellDisable Visual Effects for Windows 8.1 Virtual DesktopAcess remotely to registry with PowershellWhy is my domain account's registry hive being unloaded?What is causing these multiple HKUSID entries in the registry on my terminal server?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
TL;DR;
In which registry hive does the ASP.NET Core Data protection system
store it's keys when you are running your app in IIS with a worker
process account without user profile
It looks like it's reusing the hive used by ASP.NET DPAPI, is it ?
We are setting up a bunch of asp.net core applications that need to work together and the antiforgery validation is currently messing things up for POST requests.
It looks like ASP.NET core Data protection needs to be configured so that all applications are using the same keys.
All our applications currently run with a pool user for which neither the user profile nor the HKLM registry key ring seems to be available.
We are not allowed to activate the user profile for these pool users so we are looking to use the registry.
In the "Data protection" section of the "Host ASP.NET Core on Windows with IIS" document here we found that to configure data protection under IIS to persist the key ring, one of the approaches is to create Data Protection Registry Keys with a powershell script from github here :
This script is just called like this :
Provision-AutoGenKeys "4.0" "32" $poolSid
Reading this powershell script it seems that all it does is setting ACLs for the pool user on the following keys :
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET4.0.30319.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET4.0.30319.0AutoGenKeys
Here is where I'm getting totally confused.... these look like hives for the "old" autogenerated keys for encryption by ASP.NET,
not ASP.NET Core....
So, I'm wondering... is Microsoft reusing those hives for ASP.NET Core Data Protection ?
Or should I look elsewhere ?
windows windows-server-2008-r2 windows-registry data-protection
asked Apr 14 at 12:07
AardVark71AardVark71
1011
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
TL;DR;
In which registry hive does the ASP.NET Core Data protection system
store it's keys when you are running your app in IIS with a worker
process account without user profile
It looks like it's reusing the hive used by ASP.NET DPAPI, is it ?
We are setting up a bunch of asp.net core applications that need to work together and the antiforgery validation is currently messing things up for POST requests.
It looks like ASP.NET core Data protection needs to be configured so that all applications are using the same keys.
All our applications currently run with a pool user for which neither the user profile nor the HKLM registry key ring seems to be available.
We are not allowed to activate the user profile for these pool users so we are looking to use the registry.
In the "Data protection" section of the "Host ASP.NET Core on Windows with IIS" document here we found that to configure data protection under IIS to persist the key ring, one of the approaches is to create Data Protection Registry Keys with a powershell script from github here :
This script is just called like this :
Provision-AutoGenKeys "4.0" "32" $poolSid
Reading this powershell script it seems that all it does is setting ACLs for the pool user on the following keys :
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET4.0.30319.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET4.0.30319.0AutoGenKeys
Here is where I'm getting totally confused.... these look like hives for the "old" autogenerated keys for encryption by ASP.NET,
not ASP.NET Core....
So, I'm wondering... is Microsoft reusing those hives for ASP.NET Core Data Protection ?
Or should I look elsewhere ?
windows windows-server-2008-r2 windows-registry data-protection
asked Apr 14 at 12:07
AardVark71AardVark71
1011
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
TL;DR;
In which registry hive does the ASP.NET Core Data protection system
store it's keys when you are running your app in IIS with a worker
process account without user profile
It looks like it's reusing the hive used by ASP.NET DPAPI, is it ?
We are setting up a bunch of asp.net core applications that need to work together and the antiforgery validation is currently messing things up for POST requests.
It looks like ASP.NET core Data protection needs to be configured so that all applications are using the same keys.
All our applications currently run with a pool user for which neither the user profile nor the HKLM registry key ring seems to be available.
We are not allowed to activate the user profile for these pool users so we are looking to use the registry.
In the "Data protection" section of the "Host ASP.NET Core on Windows with IIS" document here we found that to configure data protection under IIS to persist the key ring, one of the approaches is to create Data Protection Registry Keys with a powershell script from github here :
This script is just called like this :
Provision-AutoGenKeys "4.0" "32" $poolSid
Reading this powershell script it seems that all it does is setting ACLs for the pool user on the following keys :
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET4.0.30319.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET4.0.30319.0AutoGenKeys
Here is where I'm getting totally confused.... these look like hives for the "old" autogenerated keys for encryption by ASP.NET,
not ASP.NET Core....
So, I'm wondering... is Microsoft reusing those hives for ASP.NET Core Data Protection ?
Or should I look elsewhere ?
windows windows-server-2008-r2 windows-registry data-protection
asked Apr 14 at 12:07
AardVark71AardVark71
1011
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
TL;DR;
In which registry hive does the ASP.NET Core Data protection system
store it's keys when you are running your app in IIS with a worker
process account without user profile
It looks like it's reusing the hive used by ASP.NET DPAPI, is it ?
We are setting up a bunch of asp.net core applications that need to work together and the antiforgery validation is currently messing things up for POST requests.
It looks like ASP.NET core Data protection needs to be configured so that all applications are using the same keys.
All our applications currently run with a pool user for which neither the user profile nor the HKLM registry key ring seems to be available.
We are not allowed to activate the user profile for these pool users so we are looking to use the registry.
In the "Data protection" section of the "Host ASP.NET Core on Windows with IIS" document here we found that to configure data protection under IIS to persist the key ring, one of the approaches is to create Data Protection Registry Keys with a powershell script from github here :
This script is just called like this :
Provision-AutoGenKeys "4.0" "32" $poolSid
Reading this powershell script it seems that all it does is setting ACLs for the pool user on the following keys :
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET4.0.30319.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET2.0.50727.0AutoGenKeys
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeMicrosoftASP.NET4.0.30319.0AutoGenKeys
Here is where I'm getting totally confused.... these look like hives for the "old" autogenerated keys for encryption by ASP.NET,
not ASP.NET Core....
So, I'm wondering... is Microsoft reusing those hives for ASP.NET Core Data Protection ?
Or should I look elsewhere ?
windows windows-server-2008-r2 windows-registry data-protection
windows windows-server-2008-r2 windows-registry data-protection
asked Apr 14 at 12:07
AardVark71AardVark71
1011
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 14 at 12:07
AardVark71AardVark71
1011
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 21 hours ago
AardVark71
asked Apr 14 at 12:07
AardVark71AardVark71
1011
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 14 at 12:07
AardVark71AardVark71
1011
asked Apr 14 at 12:07
AardVark71AardVark71
1011
1011
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
AardVark71 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
ASP.NET Core can store Keys pretty much anywhere:
- File System
- Windows Registry
- IIS User Profile ( can in which keys are persisted to the HKLM registry in a special registry key that is ACLed only to the worker process account. Keys are encrypted at rest using DPAPI)
- Azure KeyVault, Azure Storage Account
- Azure app keys (at %HOME%ASP.NETDataProtection-Keys)
- SQL store
- Redis cache
- User profile (If the user profile is available, keys are at %LOCALAPPDATA%ASP.NETDataProtection-Keys folder and encrypted at rest using DPAPI for Windows)
So you should look at the location corresponding to your case/configuration.
answered 21 hours ago
OvermindOvermind
1,340514
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
AardVark71 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962982%2fwhat-is-the-default-registry-location-that-is-used-for-the-registry-key-ring-for%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
ASP.NET Core can store Keys pretty much anywhere:
- File System
- Windows Registry
- IIS User Profile ( can in which keys are persisted to the HKLM registry in a special registry key that is ACLed only to the worker process account. Keys are encrypted at rest using DPAPI)
- Azure KeyVault, Azure Storage Account
- Azure app keys (at %HOME%ASP.NETDataProtection-Keys)
- SQL store
- Redis cache
- User profile (If the user profile is available, keys are at %LOCALAPPDATA%ASP.NETDataProtection-Keys folder and encrypted at rest using DPAPI for Windows)
So you should look at the location corresponding to your case/configuration.
answered 21 hours ago
OvermindOvermind
1,340514
add a comment |
ASP.NET Core can store Keys pretty much anywhere:
- File System
- Windows Registry
- IIS User Profile ( can in which keys are persisted to the HKLM registry in a special registry key that is ACLed only to the worker process account. Keys are encrypted at rest using DPAPI)
- Azure KeyVault, Azure Storage Account
- Azure app keys (at %HOME%ASP.NETDataProtection-Keys)
- SQL store
- Redis cache
- User profile (If the user profile is available, keys are at %LOCALAPPDATA%ASP.NETDataProtection-Keys folder and encrypted at rest using DPAPI for Windows)
So you should look at the location corresponding to your case/configuration.
answered 21 hours ago
OvermindOvermind
1,340514
add a comment |
ASP.NET Core can store Keys pretty much anywhere:
- File System
- Windows Registry
- IIS User Profile ( can in which keys are persisted to the HKLM registry in a special registry key that is ACLed only to the worker process account. Keys are encrypted at rest using DPAPI)
- Azure KeyVault, Azure Storage Account
- Azure app keys (at %HOME%ASP.NETDataProtection-Keys)
- SQL store
- Redis cache
- User profile (If the user profile is available, keys are at %LOCALAPPDATA%ASP.NETDataProtection-Keys folder and encrypted at rest using DPAPI for Windows)
So you should look at the location corresponding to your case/configuration.
answered 21 hours ago
OvermindOvermind
1,340514
ASP.NET Core can store Keys pretty much anywhere:
- File System
- Windows Registry
- IIS User Profile ( can in which keys are persisted to the HKLM registry in a special registry key that is ACLed only to the worker process account. Keys are encrypted at rest using DPAPI)
- Azure KeyVault, Azure Storage Account
- Azure app keys (at %HOME%ASP.NETDataProtection-Keys)
- SQL store
- Redis cache
- User profile (If the user profile is available, keys are at %LOCALAPPDATA%ASP.NETDataProtection-Keys folder and encrypted at rest using DPAPI for Windows)
So you should look at the location corresponding to your case/configuration.
answered 21 hours ago
OvermindOvermind
1,340514
answered 21 hours ago
OvermindOvermind
1,340514
answered 21 hours ago
OvermindOvermind
1,340514
answered 21 hours ago
OvermindOvermind
1,340514
1,340514
add a comment |
add a comment |
AardVark71 is a new contributor. Be nice, and check out our Code of Conduct.
AardVark71 is a new contributor. Be nice, and check out our Code of Conduct.
AardVark71 is a new contributor. Be nice, and check out our Code of Conduct.
AardVark71 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962982%2fwhat-is-the-default-registry-location-that-is-used-for-the-registry-key-ring-for%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
