4

When I run my asp.net 3.1 app on my VS 2019, it is working fine and no problem. After I published to my local IIS , I got this problems ( Using an in-memory repository. Keys will not be persisted to storage. Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.). I tried to to set Load User Proifle on IIS advanced setting also. I tried this article Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits. But my problems is not solved. Any advice or guidance would be greatly appreciated.

Thanks amy

Amy
  • 101
  • 4
  • 13
  • 1
    That may of changed with core 3x. The article is referring to core 2.0. See core 3x breaking changes : https://learn.microsoft.com/en-us/dotnet/core/compatibility/2.2-3.1#pubternal-apis-removed – jdweng Oct 20 '20 at 09:43
  • Hi jdweng, my problem is I can run app with Visual Studio 2019 and no problems. Only problem is after publish and host in IIS. – Amy Oct 20 '20 at 14:18
  • Did you try running on IIS As Admin? When running on a IIS the default credentials is a GUEST which does not have access to IIS System resources. See : https://learn.microsoft.com/en-us/biztalk/core/guidelines-for-resolving-iis-permissions-problems and https://learn.microsoft.com/en-us/troubleshoot/iis/default-permissions-user-rights – jdweng Oct 20 '20 at 14:51

1 Answers1

4

I ran into these error messages in our logs as well, but in our case that's because we're running ASP.NET Core on Linux, and there's neither IIS nor a HKLM registry on Linux.

The main symptom is that users would get authentication errors when we deployed a new version of the server. That's because the keys were stored in memory as the error message says, and when redeploying the application, the keys would be lost, and new ones get re-generated upon launching the new version of the application.

The solution was to just persist the keys to local storage. In your startup.cs file, try adding these lines:

using Microsoft.AspNetCore.DataProtection;

public void ConfigureServices(IServiceCollection services) {
    // other config code

    services.AddDataProtection()
        .PersistKeysToFileSystem(new DirectoryInfo(@"C:\someFolder\"));
    // config code for authentication
    // other config code
}

Since I'm testing locally on a windows machine, "someFolder" is actually a configured value read from appsettings.json and appsettings.Development.json. The path on Linux is different, and the processes that runs the .NET application will need to own and have read and write permissions for the process (www-data on ubuntu with nginx)

Be aware that persisting the keys to the file system automatically removes the encryption, but encryption can be added back.

For the MS documentation on these:
https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-5.0&tabs=visual-studio

https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-encryption-at-rest?view=aspnetcore-5.0

TomEberhard
  • 907
  • 10
  • 11