Requires: Windows 7 (or 2008) with IIS 7.5 (not IIS 7)
Devart version: 6.30.160.0
Steps to Reproduce:
1. Create an ASP.Net web application (or web service) that is configured to connect to MySQL database using database SSL
2. Add two virtual applications on IIS 7.5 to run on separate app pools (AppPoolA and AppPoolB) using the application created in Step 1.
3. Configure the app pools to run as "Network Service" instead of "ApplicationPoolId" identity.
4. Make a request to a page in the web application that connects to the database that is part of AppPoolA. (This step should succeed).
5. Make a request to a page in the web application that connects to the database that is part of AppPoolB. (This step fails with "2026: Could not read client key error" or "Couldn't acquire crypto service provider context").
Reason:
Under "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" folder, the key container file created does not add "Network Service" to the ACL. Instead it adds only "AppPoolA" to the list and the "AppPoolB" has no access on it.
The ACL should be on the SID of the account that the app pool is configured for. In this case, the "Network Service" account.
Note that this problem does not appear when the app pools are configured to use "ApplicationPoolId" and in that case two key container files are created, one for each app group.
Please advise.
IIS 7.5 app pools and MySQL SSL issues
New build of dotConnect for MySQL 6.30.185 is available for download!
It can be downloaded from http://www.devart.com/dotconnect/mysql/download.html (trial version) or from Registered Users' Area (for users with valid subscription only): http://secure.devart.com/ . This build includes the fix for the bug with SSL connection opened under Network Service account.
For more information, please refer to http://www.devart.com/forums/viewtopic.php?t=21453 .
It can be downloaded from http://www.devart.com/dotconnect/mysql/download.html (trial version) or from Registered Users' Area (for users with valid subscription only): http://secure.devart.com/ . This build includes the fix for the bug with SSL connection opened under Network Service account.
For more information, please refer to http://www.devart.com/forums/viewtopic.php?t=21453 .