Out of topic: Using crypto API under W2K

Hello everyone.

Sorry for the out of topic question, but may be somebody can point me to a
right mailing list.
We’re having problems with using Crypto API in our ASP pages. As far as I
understood the
problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which
doesn’t have
a profile associated with that user (or at least doesn’t load that profile).
So, CAPI fail’s to work
because it requires a user profile being loaded. Looks like a “catch 22” :slight_smile:
Besides, the same problem (unable to use CAPI) appears when the current user
is from a
Guest group. The same thing. Calls to CAPI reports about “temporary user
profile” and
fails to work.

Can anybody point me to a solution to these problems?

TIA,

Vladimir

Call LogonUser() and ImpersonateLoggedOnUser() to give your server-side
thread the credentials of a different account, one that Crypto API likes.

You can also configure IIS to do this for you – one property of directories
is the account used to service anonymous requests.


Dave Cox
Hewlett-Packard Co.
HPSO/SSMO (Santa Barbara)
https://ecardfile.com/id/Dave+Cox

-----Original Message-----
From: Chtchetkine, Vladimir [mailto:xxxxx@Starbase.com]
Sent: Tuesday, May 30, 2000 2:44 PM
To: NT Developers Interest List
Subject: [ntdev] Out of topic: Using crypto API under W2K

Hello everyone.
Sorry for the out of topic question, but may be somebody can point me to a
right mailing list.
We’re having problems with using Crypto API in our ASP pages. As far as I
understood the
problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which
doesn’t have
a profile associated with that user (or at least doesn’t load that profile).
So, CAPI fail’s to work
because it requires a user profile being loaded. Looks like a “catch 22” :slight_smile:
Besides, the same problem (unable to use CAPI) appears when the current user
is from a
Guest group. The same thing. Calls to CAPI reports about “temporary user
profile” and
fails to work.
Can anybody point me to a solution to these problems?
TIA,
Vladimir

Out of topic: Using crypto API under W2KThere was a separate mailing list for CryptoAPI also. I don’t remember the address, but the same & many more r present on Microsoft Site.

I personally have used the CryptoAPI site but got a better response on ntdev/fsd for CryptoAPI & EFS queries, coz the big bull r sitting here it seems. So u can post queries to all of them to address a greater audience.
----- Original Message -----
From: Chtchetkine, Vladimir
To: NT Developers Interest List
Sent: Wednesday, May 31, 2000 3:14 AM
Subject: [ntdev] Out of topic: Using crypto API under W2K

Hello everyone.

Sorry for the out of topic question, but may be somebody can point me to a right mailing list.
We’re having problems with using Crypto API in our ASP pages. As far as I understood the
problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which doesn’t have
a profile associated with that user (or at least doesn’t load that profile). So, CAPI fail’s to work
because it requires a user profile being loaded. Looks like a “catch 22” :slight_smile:
Besides, the same problem (unable to use CAPI) appears when the current user is from a
Guest group. The same thing. Calls to CAPI reports about “temporary user profile” and
fails to work.

Can anybody point me to a solution to these problems?

TIA,

Vladimir

Out of topic: Using crypto API under W2KSorry, here are the details as well.

----- Original Message -----
From: Mike Caldwell
To: Mayank Kulshreshtha
Sent: Tuesday, August 24, 1999 7:36 PM
Subject: RE: [ntdev] Windows 2000 CryptoAPI/CryptoGraphy blues, mischiefs, errata and mystery.

There is a mailing list dedicated to cryptoAPI ( xxxxx@DISCUSS.MICROSOFT.COM ). The users guide for the list is at http://msdn.microsoft.com/workshop/essentials/mail.asp .

[Mike Caldwell]
-----Original Message-----
From: xxxxx@atria.com [mailto:xxxxx@atria.com]On Behalf Of Mayank Kulshreshtha
Sent: Tuesday, August 24, 1999 4:52 AM
To: xxxxx@PEACH.EASE.LSOFT.COM; xxxxx@mailbase.ac.uk; L-Soft list server at PEACH.EASE.LSOFT.COM (1.8d); L-Soft list server at NIH (1.8d); xxxxx@LIST.NIH.GOV; xxxxx@atria.com; NTDEV
Cc: xxxxx@egroups.com
Subject: [ntdev] Windows 2000 CryptoAPI/CryptoGraphy blues, mischiefs, errata and mystery.

Friends,

For the past 2-3 weeks I have been trying hard with my Project Leader to make a headway in actually getting the Win 2000 Platform SDK Beta 3/CryptoAPI to work acceptably. But in vain. It behaves like an arrogant, mischievous, erratic and cunning piece of anything-but-code to say the least.

Let me describe some of its exploits, with which it managed to get away with me. You can suggest some solutions if any:
a… The CryptoAPI functions if used in a code have an external affect on the Local Variables around, in that, their values keep changing arbitrarily as the program is executed statement by statement. This apparently gets resolved if all the variables are made Global. Freak isn’t it.
b… The programs don’t compile at all (on Win 2000 Advanced Server. On Win 2000 Server it probably does) with the SDK 2000 Beta3. Kernel32.lib(in SDK 2000) and a few others give link time errors like:“disk full or invalid file : unable to seek past address 0x763628909239( or something)”. There actually seems to be something wrong with these LIBs. I checked through nm & link(link /dump /??? *.lib/dll). Some of the archive members have some thing corrupt.
c… If I try to access the corresponding CryptoAPI functions form the DLL itself (advapi32.dll : CryptEnumProviders, CryptExport, CryptAcquireContext, CryptProvParam) they behave ok till simple programs. As I start using 2-3 of them in a single program(check attachments) they are disgusting. One function when used affects the behaviour of another.
d… In particular e.g. CryptEnumProvider when called to return the name length of the next CSP:CryptoGraphic Service Provider, at times returns a length different from the name it has in store. This goes well if I use CryptEnumProviders alone in a function.
Guys any help???!!!???

I basically want to Enumerate all the Providers and Export all the Key-Pairs(Exchange/Signature) present in the Containers in a CSP to Key BLOBs.

???
----- Original Message -----
From: Chtchetkine, Vladimir
To: NT Developers Interest List
Sent: Wednesday, May 31, 2000 3:14 AM
Subject: [ntdev] Out of topic: Using crypto API under W2K

Hello everyone.

Sorry for the out of topic question, but may be somebody can point me to a right mailing list.
We’re having problems with using Crypto API in our ASP pages. As far as I understood the
problem, IIS on W2K impersonates an anonymous IIS user (IUSR_xxx) which doesn’t have
a profile associated with that user (or at least doesn’t load that profile). So, CAPI fail’s to work
because it requires a user profile being loaded. Looks like a “catch 22” :slight_smile:
Besides, the same problem (unable to use CAPI) appears when the current user is from a
Guest group. The same thing. Calls to CAPI reports about “temporary user profile” and
fails to work.

Can anybody point me to a solution to these problems?

TIA,

Vladimir