ProtectedData.Unprotect fails to decrypt

  • Question

  • Hi,

    I am using ProtectedData.Protect to encrypt a string on Computer1 with User1 logged in with DataProtectionScope.CurrentUser option.

    With DataProtectionScope.CurrentUser option and User1 logged in on Computer1, I am able to decrypt the encrypted string successfully using ProtectedData.Unprotect.

    But decryption of the encrypted string fails on Computer2 on the same network with User1 logged in using DataProtectionScope.CurrentUser option.

    I read in a few forums that I need to load the user profile before decryption if I am trying to do the same on another computer with the same user, but I have no clue how to load the user profile. I tried using the LoadUserProfile method of userenv.dll but it failed.

    Kindly let me know if I am missing something. 

    Regards,

    Asim.

    Friday, December 21, 2012 11:22 AM
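
The scenario in the question above, as an added reproducer that is not part of the original post or any reply: run it with `protect` on one computer, copy the file, then run it with `unprotect` on the other to see the exact exception next to the machine and identity the call ran under. The class name, the file argument and the sample string are assumptions made for this example.

```csharp
// Added example, not code from the thread. Reference System.Security.dll when compiling.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

static class DpapiRoundTrip
{
    // Constructed sample value; use a throwaway string, not a real secret.
    const string Sample = "constructed test string";

    static int Main(string[] args)
    {
        if (args.Length != 2 || (args[0] != "protect" && args[0] != "unprotect"))
        {
            Console.Error.WriteLine("usage: DpapiRoundTrip protect|unprotect <file>");
            return 2;
        }

        // Record the context the DPAPI call runs under, for comparison between machines.
        Console.WriteLine("Machine : " + Environment.MachineName);
        Console.WriteLine("Identity: " + WindowsIdentity.GetCurrent().Name);

        try
        {
            if (args[0] == "protect")
            {
                byte[] plain = Encoding.UTF8.GetBytes(Sample);
                byte[] blob = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
                File.WriteAllBytes(args[1], blob);
                Console.WriteLine("Wrote {0} protected bytes", blob.Length);
            }
            else
            {
                byte[] blob = File.ReadAllBytes(args[1]);
                byte[] plain = ProtectedData.Unprotect(blob, null, DataProtectionScope.CurrentUser);
                Console.WriteLine("Recovered: " + Encoding.UTF8.GetString(plain));
            }
            return 0;
        }
        catch (CryptographicException ex)
        {
            // Unprotect throws this when the blob cannot be decrypted in the current context.
            Console.Error.WriteLine("DPAPI call failed: " + ex.Message);
            return 1;
        }
    }
}
```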

All replies

  • Are the computers members of a domain, and is the user a domain user?  If not, it won't work since it's not really the same user.

    -cd Mark the best replies as answers!

    Friday, December 21, 2012 8:17 PM
    Moderator
  • Thanks for your response. 

    The computers belong to the same domain and so is the domain user. But it still fails.

    Regards,

    Asim.

    Monday, December 24, 2012 6:42 AM
  • Hi Asim,

    Welcome to the MSDN Forum.

    The current user means the users on the local machine, not the domain users.

    http://msdn.microsoft.com/en-us/library/system.security.cryptography.dataprotectionscope.aspx  

    Please check the caution part: 

    The LocalMachine enumeration value allows multiple accounts to unprotect data. Use this value only when you trust every account on a computer. For most situations, you should use the CurrentUser value.

    That means, when you trust all the accounts on the local machine, you can choose the LocalMachine option.

    And for the CurrentUser option, the DataProtect checks the current user context, not the current user account.

    I hope this will be clear.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, December 24, 2012 10:06 AM
    Moderator
  • Thanks for the response.

    So I understand that using the CurrentUser option or the LocalMachine option, I can only unprotect on the same machine where I protected the data.

    Kindly correct my understanding.

    Regards,

    Asim.

    Monday, December 24, 2012 1:51 PM
  • Hi Asim,

    According to the document, yes, it is. The location is the same when protecting and unprotecting; it is the same machine.

    Best regards,


    Mike Feng

    Tuesday, December 25, 2012 2:50 AM
    Moderator
  • Thanks for your response. 

    So is there a way in which I can use my domain credentials to protect and unprotect data across machines in the same domain? 

    Regards,

    Asim.

    Wednesday, December 26, 2012 5:12 AM
  • Hi Asim,

    I would suggest submitting feedback here: http://connect.microsoft.com/VisualStudio 

    When you have finished, post the link here, please.

    Thank you.

    Best regards,


    Mike Feng

    Wednesday, December 26, 2012 7:10 AM
    Moderator
  • http://visualstudio.uservoice.com/users/31802371
    Tuesday, January 8, 2013 6:35 AM