I was wondering if anyone has successfully used DPAPI with a user store in a web farm environment?
Since our application was recently converted from an ASP.NET 1.1 application, we use a custom shell that calls the CryptUnprotect methods directly. But this should be the same as the ProtectedData method available under 2.0.
Because we work in a web farm environment, we cannot guarantee that the machine that did the encryption will decrypt it. (Also, due to a failure, machines should not destroy our encrypted data).
So, we have a serviced component that runs in the service under a specific user account on each of our web boxes. This user is configured to have a roaming profile as recommended.
The problem is that the information encrypted on one computer cannot be decrypted on another; this is not a win32 error:
'Invalid key to use in the specified state.'
I suspect that this was due to the fact that I made a mistake when the encryption service works as a user on several machines, so I register the user on several computers at the same time.
If this is a problem, how do others use DPAPI with user storage in a web farm environment?
Lachman