What is the impact of appName in DpapiDataProtectionProvider constructor

Question

In our IdentityManager class we have the follow line:

protectionProvider = new DpapiDataProtectionProvider("OurProduct");

What is the implication of that last parameter, and does it have any correlation to how the site is set up on IIS?

Background: We've been deploying an MVC5 site with a custom IdentityManager class to a validation environment for a long time without hassles, and now we're getting the following issue when attempting to reset user passwords:

System.Security.Cryptography.CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.

Some solutions are described in the following thread: Generating reset password token does not work in Azure Website

Everything is located on the same machine: IIS, Sql Server, Firefox test browser.

Unfortunately I don't have a full grasp of the concepts and I'm trying to figure out how the test environment has changed in order to trigger this issue where it's never happened before?

Answer 1

Since I came here looking for this and there were no answers, I decided to take a look at the code. It looks like the DataProtector.cs uses the application name (along with primary purpose and specific purposes) to create a SHA 256 hash.

Since a hash is a one way street, it should be pretty safe to put whatever you want in there. I'd imagine the more complex would be better, but the name of the app should be fine.

Hope this helps for anyone else that's overly paranoid.