IIS 7.5 app pools and MySQL SSL issues

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for MySQL
Post Reply
sumit
Posts: 62
Joined: Wed 03 Jan 2007 22:23

IIS 7.5 app pools and MySQL SSL issues

Post by sumit » Wed 15 Jun 2011 23:37

Requires: Windows 7 (or 2008) with IIS 7.5 (not IIS 7)
Devart version: 6.30.160.0

Steps to Reproduce:
1. Create an ASP.Net web application (or web service) that is configured to connect to MySQL database using database SSL
2. Add two virtual applications on IIS 7.5 to run on separate app pools (AppPoolA and AppPoolB) using the application created in Step 1.
3. Configure the app pools to run as "Network Service" instead of "ApplicationPoolId" identity.
4. Make a request to a page in the web application that connects to the database that is part of AppPoolA. (This step should succeed).
5. Make a request to a page in the web application that connects to the database that is part of AppPoolB. (This step fails with "2026: Could not read client key error" or "Couldn't acquire crypto service provider context").

Reason:
Under "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" folder, the key container file created does not add "Network Service" to the ACL. Instead it adds only "AppPoolA" to the list and the "AppPoolB" has no access on it.

The ACL should be on the SID of the account that the app pool is configured for. In this case, the "Network Service" account.

Note that this problem does not appear when the app pools are configured to use "ApplicationPoolId" and in that case two key container files are created, one for each app group.

Please advise.

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Mon 20 Jun 2011 14:46

We will investigate the issue and notify you about the results as soon as possible.

sumit
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Post by sumit » Tue 28 Jun 2011 21:52

Just to update the topic since it is one way for us to track the status of an issue, I received an email from Devart stating that the issue has been reproduced.

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Mon 04 Jul 2011 12:27

The bug with SSL connection opened under Network Service account is fixed. We will post here when the corresponding build is available for download.

sumit
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Post by sumit » Tue 05 Jul 2011 17:47

Thanks.

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Mon 11 Jul 2011 11:23

New build of dotConnect for MySQL 6.30.185 is available for download!
It can be downloaded from http://www.devart.com/dotconnect/mysql/download.html (trial version) or from Registered Users' Area (for users with valid subscription only): http://secure.devart.com/ . This build includes the fix for the bug with SSL connection opened under Network Service account.

For more information, please refer to http://www.devart.com/forums/viewtopic.php?t=21453 .

sumit
Posts: 62
Joined: Wed 03 Jan 2007 22:23

Post by sumit » Mon 11 Jul 2011 18:02

Thanks for the fix.

Post Reply