SSL problem when database user requires X509

Postby Shalex » Thu 09 Dec 2010 11:00

Sumit, I have forwarded your request to our sales department.
Shalex
Devart Team
 
Posts: 7654
Joined: Thu 14 Aug 2008 12:44

Postby Devart » Thu 09 Dec 2010 13:53

Hello,

We have just resent you upgrade information.

For further assistance please contact our sales team.

Regards,
Devart Support
Devart
Devart Team
 
Posts: 3100
Joined: Tue 26 Oct 2004 13:51

Postby sumit » Tue 25 Jan 2011 01:10

Thanks for getting us the upgraded version of the drivers.

Unfortunately, the problem still appears on Windows 7/2008 when the database requires X509. We are unable to connect to the database from the web process if the windows services start first thus creating the original problem with file permissions. Any suggestions?
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Tue 25 Jan 2011 17:55

Please give us the following information:
1) the exact text of the error you are getting now. Does it occur on opening connection?
2) your current version of your dotConnect for MySQL (x.xx.xx). You can find it in the Tools > MySQL > About menu of Visual Studio;
3) the exact version, edition, and capacity of your operating systems (Windows 7 and Windows Server 2008);
4) the versions of your IIS and used ASP.NET.
Shalex
Devart Team
 
Posts: 7654
Joined: Thu 14 Aug 2008 12:44

Postby sumit » Wed 26 Jan 2011 02:11

1. Exception Details

Couldn't acquire crypto service provider context.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: Couldn't acquire crypto service provider context.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CryptographicException: Couldn't acquire crypto service provider context.]
Devart.Security.SSL.f.a(IAsyncResult A_0) +203
Devart.Security.SSL.f.a(Byte[] A_0, Int32 A_1, Int32 A_2, SocketFlags A_3) +67
Devart.Security.SSL.y.a(Byte[] A_0, Int32 A_1, Int32 A_2) +21
Devart.Common.ak.a(Byte[] A_0, Int32 A_1, Int32 A_2) +49
Devart.Common.s.d(Byte[] A_0, Int32 A_1, Int32 A_2) +60

[MySqlException (0x80004005): Can't connect to MySQL server on 'localhost' (10061): Authentication failed.]
Devart.Data.MySql.v.a(String A_0, String A_1, String A_2, String A_3, Int32 A_4, String A_5, Int32 A_6, SshOptions A_7, SslOptions A_8, ProxyOptions A_9, MySqlHttpOptions A_10, HttpOptions A_11) +3694
Devart.Data.MySql.MySqlInternalConnection.Connect(MySqlConnection owner, String userId, String password, String host, String database, Int32 port, Int32 connectionTimeout, MySqlProtocol protocol, Boolean compress, Boolean clientInteractive) +650
Devart.Data.MySql.MySqlInternalConnection..ctor(p connectionOptions, MySqlConnection owner) +113
Devart.Data.MySql.as.a(u A_0, Object A_1, DbConnectionBase A_2) +68
Devart.Common.DbConnectionFactory.a(DbConnectionPool A_0, u A_1, DbConnectionBase A_2) +88
Devart.Common.DbConnectionPoolGroup.a(DbConnectionPool A_0, DbConnectionBase A_1) +22
Devart.Common.DbConnectionPool.a(DbConnectionBase A_0) +45
Devart.Common.DbConnectionPool.GetObject(DbConnectionBase owningConnection) +523
Devart.Common.DbConnectionFactory.a(DbConnectionBase A_0) +202
Devart.Common.DbConnectionClosed.Open(DbConnectionBase outerConnection) +138
Devart.Common.DbConnectionBase.Open() +149


2. Devart.Data.MySql version: 6.0.58.0

3. It is a dual core, 4GB RAM Windows 2008 64 bit machine. We saw the problem on Windows 7 Pro 64 bit machine as well.

4. IIS 7.0 (and IIS 7.5), ASP.Net 3.5
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Fri 28 Jan 2011 17:29

sumit, could you please make sure that it is the 6.0.58 version of Devart.Data.MySql.dll that is loaded to the process of your application? Maybe, it still uses the previous version of our assembly. Notify us about the results. I cannot reproduce the problem at the moment.
Shalex
Devart Team
 
Posts: 7654
Joined: Thu 14 Aug 2008 12:44

Postby sumit » Fri 28 Jan 2011 19:44

We did more testing here. The problem shows up on Windows 2008 Standard 64bit and 32bit, Windows XP OS (possibly other operating systems) even without client SSL requirements.

Just enable SSL and the web process will run into problems, if you start a windows service that connects to the database before the web process.

I must insist that this is very important for us to get this thing resolved as soon as possible on Windows 2003, XP, Windows7 and 2008. 32 bit and 64 bit.

Please let me know what else you require from us. Thanks.

Here is the stack trace:

[CryptographicException: Couldn't acquire crypto service provider context.]
Devart.Security.SSL.f.a(IAsyncResult A_0) +203
Devart.Security.SSL.f.a(Byte[] A_0, Int32 A_1, Int32 A_2, SocketFlags A_3) +67
Devart.Security.SSL.y.a(Byte[] A_0, Int32 A_1, Int32 A_2) +21
Devart.Common.ak.a(Byte[] A_0, Int32 A_1, Int32 A_2) +49
Devart.Common.s.d(Byte[] A_0, Int32 A_1, Int32 A_2) +60

[MySqlException (0x80004005): Can't connect to MySQL server on 'tp78' (10061): Authentication failed.]
Devart.Data.MySql.v.a(String A_0, String A_1, String A_2, String A_3, Int32 A_4, String A_5, Int32 A_6, SshOptions A_7, SslOptions A_8, ProxyOptions A_9, MySqlHttpOptions A_10, HttpOptions A_11) +3694
Devart.Data.MySql.MySqlInternalConnection.Connect(MySqlConnection owner, String userId, String password, String host, String database, Int32 port, Int32 connectionTimeout, MySqlProtocol protocol, Boolean compress, Boolean clientInteractive) +650
Devart.Data.MySql.MySqlInternalConnection..ctor(p connectionOptions, MySqlConnection owner) +113
Devart.Data.MySql.as.a(u A_0, Object A_1, DbConnectionBase A_2) +68
Devart.Common.DbConnectionFactory.a(DbConnectionPool A_0, u A_1, DbConnectionBase A_2) +88
Devart.Common.DbConnectionPoolGroup.a(DbConnectionPool A_0, DbConnectionBase A_1) +22
Devart.Common.DbConnectionPool.a(DbConnectionBase A_0) +45
Devart.Common.DbConnectionPool.GetObject(DbConnectionBase owningConnection) +530
Devart.Common.DbConnectionFactory.a(DbConnectionBase A_0) +202
Devart.Common.DbConnectionClosed.Open(DbConnectionBase outerConnection) +138
Devart.Common.DbConnectionBase.Open() +149
Devart.Data.MySql.MySqlConnection.Open() +209
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby sumit » Fri 28 Jan 2011 19:46

The correct versions of the assemblies are getting loaded:

Loaded Assembly from GAC: "Devart.Data.MySql, Version=6.0.58.0, Culture=neutral, PublicKeyToken=09af7300eec23701". Location: C:\Windows\assembly\GAC_MSIL\Devart.Data.MySql\6.0.58.0__09af7300eec23701\Devart.Data.MySql.dll

Loaded Assembly from GAC: "Devart.Data, Version=5.0.159.0, Culture=neutral, PublicKeyToken=09af7300eec23701". Location: C:\Windows\assembly\GAC_MSIL\Devart.Data\5.0.159.0__09af7300eec23701\Devart.Data.dll
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby sumit » Tue 01 Feb 2011 21:54

We need this issue resolved asap as we are really close to our release date.

It is the same issue. The web process (running as "Network Service") has no access on the file "9662578eb35f925aaa97e4941ca3d838_0d9c1178-8c0b-4510-8b36-8b990674bf28" in "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" when the file is not created by the web process.

On a fresh machine, if the component that runs as a windows service starts before the web service, the file is created by the windows service instead of the web service with limited permissions and the web process fails to read it.

All you need is SSL enabled (no client certs, no ca certs) to reproduce this problem.

Please update as soon as possible.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby sumit » Wed 02 Feb 2011 00:36

How is the key generated that is used to encrypt the data in SSL mode? Are you using some predefined hard coded key?
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Wed 02 Feb 2011 18:15

1. We have reproduced the problem with SSL connection and Windows Service. We will investigate it and notify you about the results as soon as possible.
2. The key is generated dynamically (not predefined hard coded).
Shalex
Devart Team
 
Posts: 7654
Joined: Thu 14 Aug 2008 12:44

Postby sumit » Wed 02 Feb 2011 19:35

Thanks. We are waiting for a quick response.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Thu 03 Feb 2011 15:05

We have fixed the problem. A separate key will be created for every Windows account starting from the next build of dotConnect for MySQL. We are planning to release the new build in a week. Does this timeframe meet your requirements?

As a temporary workaround, please modify security permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9662578eb35f925aaa97e4941ca3d838_f9c7516d-7207-4fb5-a07c-13f1fe8986b5 file manually via its Properties > Security tab after it is created by your Windows Service: set the current owner to your current Windows user or Everyone, save properties and re-open the Properties window (the Security tab), set a new user - Everyone, and grant full control to it.
Shalex
Devart Team
 
Posts: 7654
Joined: Thu 14 Aug 2008 12:44
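
A narrower, scripted variant of the workaround above, as an added example that is not from Devart or from the original posts: it grants only the web process account (NETWORK SERVICE, as named earlier in the thread) read access to the key container file, rather than giving Everyone full control. It assumes an elevated Windows PowerShell session, that read access is enough for the driver to open the container, and that the file keeps the name prefix quoted in the thread.

```powershell
# Added example, not part of the original thread.
# Run elevated, after the Windows service has created the key container file.
$keyDir  = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
# Prefix as quoted in the thread; the part after "_" differs between machines.
$pattern = '9662578eb35f925aaa97e4941ca3d838_*'

# Resolve NETWORK SERVICE by well-known SID so the script also works on
# localized Windows installations where the account name is translated.
$sid = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null)
$read = [System.Security.AccessControl.FileSystemRights]::Read

foreach ($file in Get-ChildItem -Path $keyDir -Filter $pattern -Force) {
    $acl = Get-Acl -Path $file.FullName
    Write-Output "$($file.Name) owner: $($acl.Owner)"

    # Look for an existing Allow entry that already covers Read for this SID.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    $hasRead = $rules | Where-Object {
        $_.IdentityReference -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }

    if ($hasRead) {
        Write-Output '  NETWORK SERVICE already has read access; nothing to do.'
        continue
    }

    # Add a single Allow/Read entry; existing entries are left untouched.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $read, 'Allow')
    $acl.AddAccessRule($rule)
    # If this fails with access denied, the file owner has to be changed
    # first, as described in the post above.
    Set-Acl -Path $file.FullName -AclObject $acl

    # Show the resulting ACL so the change can be verified.
    (Get-Acl -Path $file.FullName).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
}
```

Re-running the script is safe: it skips files where the entry is already present.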

Postby sumit » Mon 07 Feb 2011 20:37

Shalex,

Thanks for the update. We are aware of the workaround but since we do not manage installations for our customers, it becomes a support burden for us.

We are discussing whether we want to introduce a new version of the drivers this late in the release cycle. In any case, please update once you have the new version so that we can at least start testing it.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Thu 10 Feb 2011 14:14

New build of dotConnect for MySQL 6.10.103 is available for download now!
It can be downloaded from http://www.devart.com/dotconnect/mysql/download.html (trial version) or from Registered Users' Area (for users with valid subscription only): http://secure.devart.com/ .
For more information, please refer to http://www.devart.com/forums/viewtopic.php?t=20225 .
Shalex
Devart Team
 
Posts: 7654
Joined: Thu 14 Aug 2008 12:44
