Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Out of topic: Using crypto API under W2K

OSR_Community_UserOSR_Community_User Member Posts: 110,217
Hello everyone.

Sorry for the out of topic question, but may be somebody can point me to a
right mailing list.
We're having problems with using Crypto API in our ASP pages. As far as I
understood the
problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which
doesn't have
a profile associated with that user (or at least doesn't load that profile).
So, CAPI fail's to work
because it requires a user profile being loaded. Looks like a "catch 22" :)
Besides, the same problem (unable to use CAPI) appears when the current user
is from a
Guest group. The same thing. Calls to CAPI reports about "temporary user
profile" and
fails to work.

Can anybody point me to a solution to these problems?

TIA,

Vladimir

Comments

  • OSR_Community_User-35OSR_Community_User-35 Member Posts: 154
    Call LogonUser() and ImpersonateLoggedOnUser() to give your server-side
    thread the credentials of a different account, one that Crypto API likes.

    You can also configure IIS to do this for you -- one property of directories
    is the account used to service anonymous requests.

    -----------------------------------------------------------------------
    Dave Cox
    Hewlett-Packard Co.
    HPSO/SSMO (Santa Barbara)
    https://ecardfile.com/id/Dave+Cox

    -----Original Message-----
    From: Chtchetkine, Vladimir [mailto:[email protected]]
    Sent: Tuesday, May 30, 2000 2:44 PM
    To: NT Developers Interest List
    Subject: [ntdev] Out of topic: Using crypto API under W2K


    Hello everyone.
    Sorry for the out of topic question, but may be somebody can point me to a
    right mailing list.
    We're having problems with using Crypto API in our ASP pages. As far as I
    understood the
    problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which
    doesn't have
    a profile associated with that user (or at least doesn't load that profile).
    So, CAPI fail's to work
    because it requires a user profile being loaded. Looks like a "catch 22" :)
    Besides, the same problem (unable to use CAPI) appears when the current user
    is from a
    Guest group. The same thing. Calls to CAPI reports about "temporary user
    profile" and
    fails to work.
    Can anybody point me to a solution to these problems?
    TIA,
    Vladimir
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Out of topic: Using crypto API under W2KThere was a separate mailing list for CryptoAPI also. I don't remember the address, but the same & many more r present on Microsoft Site.

    I personally have used the CryptoAPI site but got a better response on ntdev/fsd for CryptoAPI & EFS queries, coz the big bull r sitting here it seems. So u can post queries to all of them to address a greater audience.
    ----- Original Message -----
    From: Chtchetkine, Vladimir
    To: NT Developers Interest List
    Sent: Wednesday, May 31, 2000 3:14 AM
    Subject: [ntdev] Out of topic: Using crypto API under W2K


    Hello everyone.

    Sorry for the out of topic question, but may be somebody can point me to a right mailing list.
    We're having problems with using Crypto API in our ASP pages. As far as I understood the
    problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which doesn't have
    a profile associated with that user (or at least doesn't load that profile). So, CAPI fail's to work
    because it requires a user profile being loaded. Looks like a "catch 22" :)
    Besides, the same problem (unable to use CAPI) appears when the current user is from a
    Guest group. The same thing. Calls to CAPI reports about "temporary user profile" and
    fails to work.

    Can anybody point me to a solution to these problems?

    TIA,

    Vladimir
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Out of topic: Using crypto API under W2KSorry, here are the details as well.


    ----- Original Message -----
    From: Mike Caldwell
    To: Mayank Kulshreshtha
    Sent: Tuesday, August 24, 1999 7:36 PM
    Subject: RE: [ntdev] Windows 2000 CryptoAPI/CryptoGraphy blues, mischiefs, errata and mystery.


    There is a mailing list dedicated to cryptoAPI ( [email protected] ). The users guide for the list is at http://msdn.microsoft.com/workshop/essentials/mail.asp .

    [Mike Caldwell]
    -----Original Message-----
    From: [email protected] [mailto:[email protected]]On Behalf Of Mayank Kulshreshtha
    Sent: Tuesday, August 24, 1999 4:52 AM
    To: [email protected]; [email protected]; L-Soft list server at PEACH.EASE.LSOFT.COM (1.8d); L-Soft list server at NIH (1.8d); [email protected]; [email protected]; NTDEV
    Cc: [email protected]
    Subject: [ntdev] Windows 2000 CryptoAPI/CryptoGraphy blues, mischiefs, errata and mystery.


    Friends,

    For the past 2-3 weeks I have been trying hard with my Project Leader to make a headway in actually getting the Win 2000 Platform SDK Beta 3/CryptoAPI to work acceptably. But in vain. It behaves like an arrogant, mischievous, erratic and cunning piece of anything-but-code to say the least.

    Let me describe some of its exploits, with which it managed to get away with me. You can suggest some solutions if any:
    a.. The CryptoAPI functions if used in a code have an external affect on the Local Variables around, in that, their values keep changing arbitrarily as the program is executed statement by statement. This apparently gets resolved if all the variables are made Global. Freak isn't it.
    b.. The programs don't compile at all (on Win 2000 Advanced Server. On Win 2000 Server it probably does) with the SDK 2000 Beta3. Kernel32.lib(in SDK 2000) and a few others give link time errors like:"disk full or invalid file : unable to seek past address 0x763628909239( or something)". There actually seems to be something wrong with these LIBs. I checked through nm & link(link /dump /??? *.lib/dll). Some of the archive members have some thing corrupt.
    c.. If I try to access the corresponding CryptoAPI functions form the DLL itself (advapi32.dll : CryptEnumProviders, CryptExport, CryptAcquireContext, CryptProvParam) they behave ok till simple programs. As I start using 2-3 of them in a single program(check attachments) they are disgusting. One function when used affects the behaviour of another.
    d.. In particular e.g. CryptEnumProvider when called to return the name length of the next CSP:CryptoGraphic Service Provider, at times returns a length different from the name it has in store. This goes well if I use CryptEnumProviders alone in a function.
    Guys any help???!!!???

    I basically want to Enumerate all the Providers and Export all the Key-Pairs(Exchange/Signature) present in the Containers in a CSP to Key BLOBs.

    ??????
    ----- Original Message -----
    From: Chtchetkine, Vladimir
    To: NT Developers Interest List
    Sent: Wednesday, May 31, 2000 3:14 AM
    Subject: [ntdev] Out of topic: Using crypto API under W2K


    Hello everyone.

    Sorry for the out of topic question, but may be somebody can point me to a right mailing list.
    We're having problems with using Crypto API in our ASP pages. As far as I understood the
    problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which doesn't have
    a profile associated with that user (or at least doesn't load that profile). So, CAPI fail's to work
    because it requires a user profile being loaded. Looks like a "catch 22" :)
    Besides, the same problem (unable to use CAPI) appears when the current user is from a
    Guest group. The same thing. Calls to CAPI reports about "temporary user profile" and
    fails to work.

    Can anybody point me to a solution to these problems?

    TIA,

    Vladimir
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 January 2023 Live, Online
Developing Minifilters 20 March 2023 Live, Online
Writing WDF Drivers TBD 2023 Live, Online
Internals & Software Drivers 17 April 2023 Live, Online