用户个人资料和HKLM注册表均不可用.使用临时密钥存储库.当应用程序退出时,受保护的数据将不可用 [英] Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits
问题描述
我有一个Asp.NET Core应用程序,没有对DataProtection堆栈进行特殊设置-只是AddMvc.虽然一切都可以在IISExpress/(Kestrel)上运行,但在IIS服务器上却收到此错误:
2016/11/23 18:50:14:警告:Microsoft.AspNetCore.Session.SessionMiddleware [7]取消保护会话Cookie时出错.System.Security.Cryptography.CryptographicException:在密钥环中找不到密钥{6d00462a-ba7f-4f65-bb36-711605de93f2}.在Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte [] protectedData,Boolean allowOperationsOnRevokedKeys,UnprotectStatus& status)在Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte [] protectedData,Boolean ignoreRevocationErrors,Boolean& requireMigration,Boolean& wasRevoked)在Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte [] protectedData)在Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector保护器,String protectedText,ILogger记录器)11/23/2016 19:27:34:警告:Microsoft.Extensions.DependencyInjection.DataProtectionServices [59]用户个人资料和HKLM注册表均不可用.使用临时密钥存储库.当应用程序退出时,受保护的数据将不可用.11/23/2016 19:27:34:警告:Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository [50]使用内存中的存储库.密钥将不会持久存储.11/23/2016 19:27:34:警告:Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [35]未配置XML加密器.密钥{27c3297d-c583-4de5-b619-489bfba62407}可以以未加密的形式持久存储.11/23/2016 19:27:35:警告:Microsoft.AspNetCore.Session.SessionMiddleware [7]取消保护会话Cookie时出错.System.Security.Cryptography.CryptographicException:在密钥环中找不到密钥{3cbde8ae-2dba-4c84-ada3-20ba40bdff85}.在Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte [] protectedData,Boolean allowOperationsOnRevokedKeys,UnprotectStatus& status)在Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte [] protectedData,Boolean ignoreRevocationErrors,Boolean& requireMigration,Boolean& wasRevoked)在Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte [] protectedData)在Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector保护器,String protectedText,ILogger记录器) 仅对某些用户登录后才有意义,而并非每次都如此.我尝试使用Google,但没有成功.
第二台服务器上的IIS配置可能有所不同吗?谢谢.
此问题源于IIS本身的一个错误,该错误可能是也可能不是更正的.为了解决该问题,您有必要编辑您的应用程序池以启用用户配置文件加载.一旦设定您的应用程序池以加载应用程序池的用户配置文件身份,应用程序将具有读写权限系统注册表.
原始
在此处下载ps脚本或其.NET类似物构建并像这样以Admin身份运行它:
ProvisionAutoGenKeys.exe NetCoreAppPoolI have an Asp.NET Core app with no special setup of DataProtection stack - just AddMvc. While everything works on IISExpress/(Kestrel), on the IIS server I got this error:
11/23/2016 18:50:14:warn: Microsoft.AspNetCore.Session.SessionMiddleware[7] Error unprotecting the session cookie. System.Security.Cryptography.CryptographicException: The key {6d00462a-ba7f-4f65-bb36-711605de93f2} was not found in the key ring. at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger) 11/23/2016 19:27:34:warn: Microsoft.Extensions.DependencyInjection.DataProtectionServices[59] Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits. 11/23/2016 19:27:34:warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50] Using an in-memory repository. Keys will not be persisted to storage. 11/23/2016 19:27:34:warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35] No XML encryptor configured. Key {27c3297d-c583-4de5-b619-489bfba62407} may be persisted to storage in unencrypted form. 11/23/2016 19:27:35:warn: Microsoft.AspNetCore.Session.SessionMiddleware[7] Error unprotecting the session cookie. System.Security.Cryptography.CryptographicException: The key {3cbde8ae-2dba-4c84-ada3-20ba40bdff85} was not found in the key ring. at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)It only happes for some users after sign in and not every time. I tries to google but with no success.
Might it be some IIS configuration different on the second server? Thx.
解决方案This issue stems from a bug in IIS itself which may or may not ever be corrected. In order to work around the issue, it’s necessary for you to edit your App Pool to enable User Profile Loading. Once you set your App Pool to load the user profile for the application pool identity, the application will have permission to read and write to the system registry as intended.
original article
In short ensure app pool loads User profile:
download either ps script or its .NET analog here build it and run it as Admin like this:
ProvisionAutoGenKeys.exe NetCoreAppPool
这篇关于用户个人资料和HKLM注册表均不可用.使用临时密钥存储库.当应用程序退出时,受保护的数据将不可用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
