http://blogs.msdn.com/alejacma/archive/tags/DPAPI/default.aspxTags: DPAPIen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/alejacma/archive/2008/04/21/dpapiprotectedconfigurationprovider-may-fail-with-the-system-cannot-find-the-file-specified-error.aspxMon, 21 Apr 2008 17:04:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:8414651alejacma0http://blogs.msdn.com/alejacma/comments/8414651.aspxhttp://blogs.msdn.com/alejacma/commentrss.aspx?PostID=8414651<P>Hi, welcome back,</P> <P>The other day we&nbsp;faced a very similar issue to the one I commented on this post: <A class="" href="http://blogs.msdn.com/alejacma/archive/2007/12/03/rsacryptoserviceprovider-fails-when-used-with-asp-net.aspx" mce_href="http://blogs.msdn.com/alejacma/archive/2007/12/03/rsacryptoserviceprovider-fails-when-used-with-asp-net.aspx">RSACryptoServiceProvider fails when used with ASP.NET</A>. We were getting a very similar exception:</P> <P><STRONG>"System.Configuration.ConfigurationErrorsException: Failed to decrypt using provider 'MyProtectedConfigurationProvider'. Error message from the provider: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"</STRONG></P> <P mce_keep="true">But this time we got it while <STRONG>System.Configuration.DpapiProtectedConfigurationProvider</STRONG> was trying to <STRONG>decrypt</STRONG> a <STRONG>protected configuration</STRONG> section of our <STRONG>web.config</STRONG> file. This provider was configured to work with <STRONG>user-level key storage </STRONG>(<A class="" href="http://msdn2.microsoft.com/en-us/library/system.configuration.dpapiprotectedconfigurationprovider.usemachineprotection.aspx" mce_href="http://msdn2.microsoft.com/en-us/library/system.configuration.dpapiprotectedconfigurationprovider.usemachineprotection.aspx">DpapiProtectedConfigurationProvider<SPAN class=nu>.</SPAN>UseMachineProtection</A> set to False) but the <STRONG>user profile</STRONG> was not loaded.</P> <P mce_keep="true">"The system cannot find the file specified" is a very typical error that appears when we can't access the private key we need to decrypt information, as those keys are usually stored in files in the user profile.&nbsp;</P> <P mce_keep="true">Additionally, if DPAPI works with user-level key storage, it requires the user profile to be loaded in order to store i.e. the master key it uses (see <A class="" href="http://msdn2.microsoft.com/en-us/library/ms995355.aspx" mce_href="http://msdn2.microsoft.com/en-us/library/ms995355.aspx">Windows Data Protection</A> for details on this).</P> <P mce_keep="true">As we saw already (check <A class="" href="http://blogs.msdn.com/alejacma/archive/2007/12/03/rsacryptoserviceprovider-fails-when-used-with-asp-net.aspx" mce_href="http://blogs.msdn.com/alejacma/archive/2007/12/03/rsacryptoserviceprovider-fails-when-used-with-asp-net.aspx">previous RSACryptoServiceProvider post</A> for details), neither IIS nor ASP.NET will load the profile automatically. We may be able to load it by calling <A class="" href="http://msdn2.microsoft.com/en-us/library/bb762281(VS.85).aspx" mce_href="http://msdn2.microsoft.com/en-us/library/bb762281(VS.85).aspx">LoadUserProfile</A> API or by using a <STRONG>dummy Windows Service</STRONG> (and Service Control Manager -SCM-&nbsp;will load the profile on our behalf). If this doesn't work for us, we will have to use <STRONG>machine-level key storage</STRONG> instead.</P> <P mce_keep="true">I hope this helps.</P> <P>Cheers,</P> <P mce_keep="true">&nbsp;</P> <P>Alex (Alejandro Campos Magencio)</P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=8414651" width="1" height="1">DPAPI