用户配置文件和 HKLM 注册表均不可用。使用临时密钥存储库。应用程序退出时,受保护的数据将不可用
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits
我有一个 Asp.NET 核心应用程序,没有特殊的 DataProtection 堆栈设置 - 只是 AddMvc。虽然在 IISExpress/(Kestrel) 上一切正常,但在 IIS 服务器上我收到此错误:
11/23/2016 18:50:14:warn: Microsoft.AspNetCore.Session.SessionMiddleware[7]
Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {6d00462a-ba7f-4f65-bb36-711605de93f2} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)
11/23/2016 19:27:34:warn: Microsoft.Extensions.DependencyInjection.DataProtectionServices[59]
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
11/23/2016 19:27:34:warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
Using an in-memory repository. Keys will not be persisted to storage.
11/23/2016 19:27:34:warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {27c3297d-c583-4de5-b619-489bfba62407} may be persisted to storage in unencrypted form.
11/23/2016 19:27:35:warn: Microsoft.AspNetCore.Session.SessionMiddleware[7]
Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {3cbde8ae-2dba-4c84-ada3-20ba40bdff85} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)
只有部分用户登录后出现,并非每次都会出现。
我尝试 google 但没有成功。
可能是第二台服务器上的某些 IIS 配置不同?谢谢
This issue stems from a bug in IIS itself which may or may not ever be
corrected. In order to work around the issue, it’s necessary for you
to edit your App Pool to enable User Profile Loading. Once you set
your App Pool to load the user profile for the application pool
identity, the application will have permission to read and write to
the system registry as intended.
original article
简而言之,确保应用程序池加载用户配置文件:
下载 ps 脚本或其 .NET 模拟文件 here
像这样构建它并 运行 作为管理员:
ProvisionAutoGenKeys.exe NetCoreAppPool
我有一个 Asp.NET 核心应用程序,没有特殊的 DataProtection 堆栈设置 - 只是 AddMvc。虽然在 IISExpress/(Kestrel) 上一切正常,但在 IIS 服务器上我收到此错误:
11/23/2016 18:50:14:warn: Microsoft.AspNetCore.Session.SessionMiddleware[7]
Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {6d00462a-ba7f-4f65-bb36-711605de93f2} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)
11/23/2016 19:27:34:warn: Microsoft.Extensions.DependencyInjection.DataProtectionServices[59]
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
11/23/2016 19:27:34:warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
Using an in-memory repository. Keys will not be persisted to storage.
11/23/2016 19:27:34:warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {27c3297d-c583-4de5-b619-489bfba62407} may be persisted to storage in unencrypted form.
11/23/2016 19:27:35:warn: Microsoft.AspNetCore.Session.SessionMiddleware[7]
Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {3cbde8ae-2dba-4c84-ada3-20ba40bdff85} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)
只有部分用户登录后出现,并非每次都会出现。 我尝试 google 但没有成功。
可能是第二台服务器上的某些 IIS 配置不同?谢谢
This issue stems from a bug in IIS itself which may or may not ever be corrected. In order to work around the issue, it’s necessary for you to edit your App Pool to enable User Profile Loading. Once you set your App Pool to load the user profile for the application pool identity, the application will have permission to read and write to the system registry as intended.
original article
简而言之,确保应用程序池加载用户配置文件:
下载 ps 脚本或其 .NET 模拟文件 here 像这样构建它并 运行 作为管理员:
ProvisionAutoGenKeys.exe NetCoreAppPool