Infralution Support

fahd · Joined: 09 May 2011 Posts: 2

I have ILS installed on a XP machine and hosting the webs ervice on a web server, This happens when I try to run the install.aspx on the web server, when I validate a license:

Server was unable to process request. ---> The type initializer for 'AuthenticationServer.Database' threw an exception. ---> Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Bad Data.
(c:\inetpub\wwwroot\authenticationserver\web.config line 4) ---> Bad Data.

I did everything you can imagine:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"
Adding ACL for access to the RSA Key container...
Succeeded!

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "Realtime"
Adding ACL for access to the RSA Key container...
Succeeded!

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"
Adding ACL for access to the RSA Key container...
Succeeded!

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "NETWORK SERVICE"
Adding ACL for access to the RSA Key container...
Succeeded!

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"
Adding ACL for access to the RSA Key container...
Succeeded!

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "Realtime"
Adding ACL for access to the RSA Key container...
Succeeded!

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"
Adding ACL for access to the RSA Key container...
Succeeded!

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "Network Service"
Adding ACL for access to the RSA Key container...
Succeeded!

I shared the folder with everyone full access. I don't know what else I should. Any help will be appreciated?

p.s:
ILS works fine on local machine, it just doesn't when it's hosted somewhere else.

Infralution · Joined: 28 Feb 2005 Posts: 5027

I'm guessing that on your local machine you installed the SQL Database for the Authentication server and selected the option to encrypt the connection details - is that right?

The encrypt option encrypts the connection details in the Web.Config file using a local machine specific private key. If you then copy this Web.Config to another machine it won't work. You can run the Install.aspx again on your local machine and deselect the encrypt option before copying the Web.Config up to your web host. Alternatively you could just delete the Authentication server directory from your machine and reinstall ILS to get a clean copy of the authentication server including web.config.
_________________
Infralution Support

fahd · Joined: 09 May 2011 Posts: 2

I am using access database. So according to you, I can either:

1) Install ILS on local machine and run the install without the encrypt option then copy the web server to the web server

2) Install ILS on the web server which is not a good option.

Please confirm!

Fahd

Infralution · Joined: 28 Feb 2005 Posts: 5027

The error you are getting indicates that the Web.Config is using encrypted connection details (and failing because of this).

Can you download your current Web.Config from your web host and post the contents here?

The solution is to replace the Web.Config on the server. The Web.Config that is installed by ILS initially does not use encrypted connection details and will work for the Access database (even if you don't run Install.aspx). So if you delete the copy of web.config on your local machine and rerun the ILS setup on your local machine you will get a clean copy of web.config that you can upload.
_________________
Infralution Support

Infralution · Joined: 28 Feb 2005 Posts: 5027

I just encountered another issue that can cause problems similar to this when encrypting the Web.Config running on your local machine using the ASP.NET development server. In this case the ASP.NET Development server runs under your account and first time you encrypt a config file the RSA Machine key is created with you as the owner. Unfortunately because of the rather impenetrable security model in Windows 7 this means that if you then try to run the server account and encrypt web.config you will get a strange "Object already exists" error.

The solution (found after much web searching and experimentation) is to take ownership of all the files in the directory containing RSA machine keys. To do this locate the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys directory. Right click and select Properties. Select the Security tab. Click the Advanced button. Select the Owner tab. Click Edit button. Ensure the current owner of the directory is the Administrators group (you may not need to change this). Check the "Replace owner on subcontainers and objects" box and click OK.

That gets us half way. Now run a Visual Studio command prompt using as Administrator (right click on the shortcut and click "Run as Administrator"). Now we need to add an ACL to allow our normal account to access the RSA key that .NET uses for encrypting config files.
Type:

[code]aspnet_regiis -pa "NetFrameworkConfigurationKey" "MyDomain\MyName"[/code

Where MyDomain\MyName is your fully qualified account name. If this succeeds then you are done and you should now be able to run the web service installer and select the Encrypt Settings option.
_________________
Infralution Support