|
CipherSafe.NET™ Bug Report
The following list describes serious CipherSafe.NET™ problems,
which have been reported and confirmed,
but either have not yet been fixed or have been fixed recently
(for additional information,
see the release history):
-
Problem:
Cannot retrieve application profiles from Application_Start event in IIS 7.
Version:
1.5.4 (and earlier)
Description:
Exception is raised when application profile is attempted to
be retrieved in the global Application_Start event when running
the application in the integrated mode on IIS 7.
Workaround:
Option 1: Configure the application pool to run in the Classic Mode in IIS 7.
Option 2: Upgrade product to version 1.5.5.
Status:
Fixed in release 1.5.5.0.
-
Problem:
Error
"Application profile [...] does not exist or it is corrupted"
in 32-bit apps on 64-bit versions of Windows®.
Version:
1.5
Description:
If a 32-bit application running on a 64-bit platform under WOW64 attempts to retrieve
its profile value, it may get an exception indicating thet the application profile
does not exist (this issue does not affect application profiles of configuration files).
The error is caused by the fact that 64-bit and 32-bit applications use
different registry keys.
Workaround:
Option 1: Define your appliocation profile as a configuration file.
Since profile values of configuration files do not get stored in the registry,
the error will not occur.
Option 2: Make sure that the application process using the CipherSafe™ library
runs under the native 64-bit mode.
Option 3: Copy your application profile settings and values from the native (64-bit)
registry hive (under a HKLM\SOFTWARE\Obviex\CipherSafe key) to the 32-bit hive
(under the corresponding HKLM\SOFTWARE\Wow6432Node\Obviex\CipherSafe key).
TIP: You can copy registry keys, subkeys and values using the built-in
REG COPY
command, such as:
REG COPY HKLM\SOFTWARE\Obviex\CipherSafe HKLM\SOFTWARE\Wow6432Node\Obviex\CipherSafe /s /f
Status:
Fixed in release 1.5.2.0 (x64).
-
Problem:
Web-based applications may not be able to retrieve profile values from
configuration files.
Version:
1.4.2
Description:
When attempting to retrieve profile values defined in Web.config files,
CipherSafe™ library can throw an exception with the following error message:
"User 'COMPUTERNAME\ASPNET' is not authorized to perform the 'VerifyApplicationProfilePath' operation."
Workaround:
None
Status:
Corrected in a hot fix for version 1.4.2.0.
-
Problem:
Wrong version shown in the splash screen.
Version:
1.4.2
Description:
The splash screen of the CipherSafe™ GUI tool
shows version 1.4.1 instead of 1.4.2.
This happens because the splash screen shows the version
of the library, which is still 1.4.1.
Workaround:
N/A
Status:
Corrected in a hot fix for version 1.4.2.0.
-
Problem:
The command-line utility is missing.
Version:
1.4.2
Description:
The installer for the original 1.4.2 release does not install
the command-line utility (CipherSafeCMD.exe).
Workaround:
N/A
Status:
This problem has been fixed in the latest setup package
of CipherSafe.NET™ 1.4.2.0.
-
Problem:
Exception when configuring product admins:
Index was out of range.
Version:
1.4.1.0 (and prior)
Description:
When not using the Key Manager service and trying to change the default
product administrators (in the Options dialog box),
an exception can be generated causing the CipherSafe™ GUI to abort.
Workaround:
Use the Key Manager service.
Status:
This problem has been resolved in CipherSafe.NET™ 1.4.2.0.
-
Problem:
Error under high load:
Error generating static machine key.
Cannot create a remote object.
An invalid argument was supplied.
Version:
1.4.0.0 (and prior)
Description:
If your Web application creates application profiles under heavy load,
you may get an exception mentioned above.
The problem is most likely to be caused by inability of the system to
release client-side ports -- when making remoting calls -- quickly enough.
After a period of inactivity, the problem may go away;
it can also be corrected by recycling the Web site or application pool.
Workaround:
The recommended approach is to retrieve application profile values
in the Application_Start event handler (in the global.asax file),
encrypt them using
DPAPI
with machine store
and an optional entropy such as physical path to the application directory
(or use a randomly generated encryption key with the application scope),
and store the DPAPI-encrypted value in the the application domain via the
(using AppDomain.SetData API).
When the application needs the value,
it can get it from the application domain (via the
AppDomain.GetData call)
and decrypt it using DPAPI (or the encryption key).
Note: DPAPI encryption here is used only to prevent an unlikely possibility of
plaintext values being hijacked from memory (e.g. during paging).
Status:
This problem has been resolved in CipherSafe.NET™ 1.4.1.0.
-
Problem:
Cannot use an unprivileged account to run the CipherSafe™ Key Manager service.
Version:
1.3.1.6 (and prior)
Description:
If you install CipherSafe™ on a new system and try to run the Key Manager service
as the user who does not belong to the Administrators or Power Users group,
the Key Manager service may fail to start.
Workaround:
Option 1: Do not use the Key Manager service (not recommended).
Option 2: Temporarily add the Key Manager service account
(the user under which account the service runs)
to the local Administrators or Power Users group.
Make sure that the default product administrators
option is set
(if needed, delete the HKLM\SOFTWARE\Obviex\CipherSafe\Options\Admins registry key value).
Restart the Key Manager service.
Open the CipherSafe.NET™ GUI tool and configure the product
to use a static port (use the Tools - Options menu option
and click the Encryption tab).
Remove the user from the local Administrators or Power Users group.
Make sure, that this user has full access to the HKLM\SOFTWARE\Obviex\CipherSafe registry
key and its subkeys.
Restart the Key Manager Service and make sure that no errors are written to Windows® Event Log.
Status:
This problem has been resolved in CipherSafe.NET™ 1.3.1.6.
Note: This bug was previously reported to have been fixed in version 1.3,
so make sure that you have the version 1.3.1.6 or later.
-
Problem:
Cannot decrypt profile value from a traditional ASP file.
Version:
1.2.5
Description:
When attempting to retrieve a profile value from a traditional ASP (not ASPX) file
on certain systems, an exception is thrown with an error message "Decryption failed" and/or
"CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired."
The same profile value can be retrieved from an ASPX application without any problem
(assuming that both the ASP and ASPX file belong to the same IIS application
and are configured in CipherSafe.NET™ as a Web Application or Web Directory).
Workaround:
Configure product encryption settings (use the Tools - Options menu option
and click the Encryption tab) to not use the Transmit encryption key over encrypted channel
option, or set the security level to Low.
Status:
This problem has been resolved in CipherSafe.NET™ 1.3.
-
Problem:
"Object reference not set to an instance of an object" exception is raised
when accessing a profile value.
Version:
1.2
Description:
After accessing the current application profile via the
ApplicationProfile.GetProfile method
and attempting to get a profile value via an indexer,
the following exception can be raised:
"Object reference not set to an instance of an object."
Workaround:
This problem has been fixed in SP1, but you can avoid it in a previous version
of the product by using a dummy for each loop in a manner similar to this:
// C# code
ApplicationProfile app = ApplicationProfile.GetProfile(Category.WebApp)
foreach (ProfileItem item in app) break;
' VB.NET code
Dim app As ApplicationProfile = ApplicationProfile.GetProfile(Category.WebApp)
Dim item As ProfileItem
For Each item In app
Exit For
Next
Status:
This problem has been fixed in CipherSafe.NET™ 1.2 SP1,
which is currently available for download.
Make sure that the version of the installed CipherSafe.dll file is
1.2.1.x (or later).
-
Problem:
Toolbar icons disappear in CipherSafe™ GUI on .NET Framework 1.1.
Version:
1.1
Description:
Toolbar gets displayed without icons in the .NET Framework 1.1 release
of CipherSafe™ GUI tool.
Workaround:
Use menus instead of the toolbar.
Status:
This problem has been resolved in the latest release of
CipherSafe.NET™ 1.1 (.NET Framework 1.1 release).
Make sure that the version of CipherSafeGUI.exe file is
1.1.1.1 or later.
-
Problem:
CipherSafe™ Key Manager service fails on Windows® 2003 Server and
on systems with .NET Framework 1.1 only.
Version:
1.1 (BETA)
Description:
Because of the changes in .NET Framework 1.1,
remoting calls to the CipherSafe™ Key Manager service may fail making it
impossible to define or retrieve application profile values.
The following error message can be returned:
"Failed to set machine key.
Please make sure that the CipherSafe.NET Key Manager service is running.
Because of security restrictions,
the type System.Runtime.Remoting.ObjRef cannot be accessed."
Workaround:
Option 1: Do not use CipherSafe.NET™ Key Manager (not recommended).
Option 2: See Status below.
Status:
This problem has been resolved in the final release of
CipherSafe.NET™ 1.1 targeted for .NET Framework 1.1.
Please be careful when downloading the product installation package,
which is available in two flavors: one for .NET Framework 1.0,
the other for .NET Framework 1.1.
If your system supports both versions of the Framework,
you can use either package.
|
