IIS 7.5 app pools and MySQL SSL issues

IIS 7.5 app pools and MySQL SSL issues

Postby sumit » Wed 15 Jun 2011 23:37

Requires: Windows 7 (or 2008) with IIS 7.5 (not IIS 7)
Devart version: 6.30.160.0

Steps to Reproduce:
1. Create an ASP.Net web application (or web service) that is configured to connect to MySQL database using database SSL
2. Add two virtual applications on IIS 7.5 to run on separate app pools (AppPoolA and AppPoolB) using the application created in Step 1.
3. Configure the app pools to run as "Network Service" instead of "ApplicationPoolId" identity.
4. Make a request to a page in the web application that connects to the database that is part of AppPoolA. (This step should succeed).
5. Make a request to a page in the web application that connects to the database that is part of AppPoolB. (This step fails with "2026: Could not read client key error" or "Couldn't acquire crypto service provider context").

Reason:
Under "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" folder, the key container file created does not add "Network Service" to the ACL. Instead it adds only "AppPoolA" to the list and the "AppPoolB" has no access on it.

The ACL should be on the SID of the account that the app pool is configured for. In this case, the "Network Service" account.

Note that this problem does not appear when the app pools are configured to use "ApplicationPoolId" and in that case two key container files are created, one for each app group.

Please advise.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Mon 20 Jun 2011 14:46

We will investigate the issue and notify you about the results as soon as possible.
Shalex
Devart Team
 
Posts: 7777
Joined: Thu 14 Aug 2008 12:44

Postby sumit » Tue 28 Jun 2011 21:52

Just to update the topic since it is one way for us to track the status of an issue, I received an email from Devart stating that the issue has been reproduced.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Mon 04 Jul 2011 12:27

The bug with SSL connection opened under Network Service account is fixed. We will post here when the corresponding build is available for download.
Shalex
Devart Team
 
Posts: 7777
Joined: Thu 14 Aug 2008 12:44

Postby sumit » Tue 05 Jul 2011 17:47

Thanks.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Postby Shalex » Mon 11 Jul 2011 11:23

New build of dotConnect for MySQL 6.30.185 is available for download!
It can be downloaded from http://www.devart.com/dotconnect/mysql/download.html (trial version) or from Registered Users' Area (for users with valid subscription only): http://secure.devart.com/ . This build includes the fix for the bug with SSL connection opened under Network Service account.

For more information, please refer to http://www.devart.com/forums/viewtopic.php?t=21453 .
Shalex
Devart Team
 
Posts: 7777
Joined: Thu 14 Aug 2008 12:44

Postby sumit » Mon 11 Jul 2011 18:02

Thanks for the fix.
sumit
 
Posts: 62
Joined: Wed 03 Jan 2007 22:23


Return to dotConnect for MySQL