All geek questions in one place

SignalR CryptographicException on AzureWebsites

I got this exception with SignalR deployed on Azure WebSites. It works fine in a debugging environment. This is SignalR 1.0.1 and I am using .NET MVC and WebApi

The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread user context, which may be the case when the thread is impersonating. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Security.Cryptography.CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread user context, which may be the case when the thread is impersonating. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread user context, which may be the case when the thread is impersonating.] Microsoft.Owin.Host.SystemWeb.<>c__DisplayClass1.<GetRethrowWithNoStackLossDelegate>b__0(Exception ex) +27 Microsoft.Owin.Host.SystemWeb.Utils.RethrowWithOriginalStack(Exception ex) +15 Microsoft.Owin.Host.SystemWeb.CallContextAsyncResult.End(IAsyncResult result) +47 Microsoft.Owin.Host.SystemWeb.OwinHttpHandler.EndProcessRequest(IAsyncResult result) +7 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9629708 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Do you have any ideas? Thanks

+3
source share
4 answers

For others who came to this page, I had the same problem, but the solution was much simpler. As mentioned in the comments above, the accepted answer is bad. It is also mentioned that SignalR uses MachineKeyDataProtector for IProtectedData by default. MapHubs and MapConnection both calls to the InitializeProtectedData function, which registers MachineKeyDataProtector with a dependency MapConnection .

My problem was that I mapped SignalR routes, and THEN set up the dependency ID

 RouteTable.Routes.MapConnection<SomeEndpoint>("SomeEndpoint", "SomeEndpointUrl"); GlobalHost.DependencyResolver = new StructureMapDependencyResolver(ObjectFactory.Container);

So basically the IProtectedData recognizer registration done by MapConnection -> InitializeProtectedData went astray when I registered my custom resolver. A simple fix, install the converter BEFORE displaying the connection.

 GlobalHost.DependencyResolver = new StructureMapDependencyResolver(ObjectFactory.Container); RouteTable.Routes.MapConnection<SomeEndpoint>("SomeEndpoint", "SomeEndpointUrl");
+5
source

This is the only message that allowed me to solve the same problem using the following code. dfowlers mention of registering an instance of IProtectedData led me to search and find a definition here .

Note. This problem did not occur when using the Visual Studio development server, but when moving to life. I am glad I found this post as I have no idea how I should have known to implement IProtectedData otherwise. Perhaps the documentation has something deeper.

Whether this is a 100% correct solution, I am not sure, but it worked for me. I created a class that implements IProtectedData, and then registered it with Ninject.

Grade:

 using Microsoft.AspNet.SignalR.Infrastructure; namespace Fwr.DataTeamUploader.Logic { public class ProtectedData : IProtectedData { // Obviously this isn't doing much to protect the data, // assume custom encryption required here // To reiterate, no encryption is VERY^4 BAD, see comments. public string Protect(string data, string purpose) { return data; } public string Unprotect(string protectedValue, string purpose) { return protectedValue; } } }

Register Nina:

 /// <summary> /// Load your modules or register your services here /// </summary> /// <param name="kernel">The kernel.</param> private static void RegisterServices(IKernel kernel) { ... kernel.Bind<IProtectedData>().To<ProtectedData>(); ...
+2
source

Now in this case, now you can use the MapsHubs() extension method from the Microsoft.AspNet.SignalR.SystemWeb package.

MachineKeyProtectedData will be used instead of the default implementation.

0
source

I do not believe that Azure websites can interact with the certificates / crypto API. Similar problems occur when you try to call the Azure Management API. The user context in which the Sites work does not seem to have sufficient permissions to do this.

-1
source

Source: https://habr.com/ru/post/1246629/

More articles:


All Articles