I have several .NET Core 2.2 applications published to a single IIS instance. My data protection setup is:
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Win32;

public static IDataProtectionBuilder AddCaDataProtection(this IServiceCollection services)
{
    const string applicationName = "CertificationAuthority";
    // Key ring stored under the current user's registry hive (HKCU)
    var registryKey = Registry.CurrentUser.CreateSubKey($@"SOFTWARE\{applicationName}\keys");
    return services
        .AddDataProtection()
        .SetApplicationName(applicationName)
        .ProtectKeysWithDpapi()
        .PersistKeysToRegistry(registryKey);
}
Every application invokes this static method from its Startup.ConfigureServices. The applications are running in separate pools under the same single Windows user account. However, when one application tries to validate a data protection token generated in another application, validation fails with an InvalidToken result.
What am I doing wrong?
PS. What exactly I am trying to do is to generate a code with UserManager.GenerateEmailConfirmationTokenAsync in one app, and then call UserManager.ConfirmEmailAsync in another.
The reason for the issue was that the application pools were running with PoolIdentity credentials, which in fact means a separate user profile for each pool.
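The behaviour the answer describes can be reproduced outside IIS. The following is an added example, not code from the question or answer: it builds two independent data protection stacks against one shared key directory and the same application name (so they represent two applications that can see the same key ring), shows that a payload protected by one is accepted by the other, and then shows that a stack with a different application name rejects it with a CryptographicException, which is what Identity surfaces as InvalidToken. The directory path, the purpose string and the application names are assumptions for the demo; it relies on the Microsoft.AspNetCore.DataProtection.Extensions package, and the DPAPI call only works on Windows.

```csharp
// Added example (not the poster's code): demonstrates that two separately
// built data-protection stacks round-trip each other's payloads only when
// they share the same key ring and the same application name.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

public static class SharedKeyRingDemo
{
    // Assumed shared location. In IIS this would be a directory (or an HKLM
    // registry key) that every application pool identity can read and write,
    // instead of a per-user HKCU hive that differs per pool identity.
    static readonly DirectoryInfo KeyDir =
        new DirectoryInfo(Path.Combine(Path.GetTempPath(), "shared-dp-keys-demo"));

    const string AppName = "CertificationAuthority"; // name from the question
    const string Purpose = "EmailConfirmation";      // assumed purpose string

    // Builds a stand-alone provider, the way each application would in its own
    // process, and returns a protector for the assumed purpose.
    static IDataProtector BuildProtector(string appName) =>
        DataProtectionProvider.Create(KeyDir, builder =>
        {
            builder.SetApplicationName(appName);
            // Machine scope: the key ring is encrypted with the machine's DPAPI
            // key rather than the current user's, so processes running under
            // different accounts on the same host can still decrypt it.
            builder.ProtectKeysWithDpapi(protectToLocalMachine: true);
        }).CreateProtector(Purpose);

    public static void Main()
    {
        KeyDir.Create();

        // "App 1" issues a token, "App 2" validates it: same key dir, same app name.
        IDataProtector issuer = BuildProtector(AppName);
        IDataProtector validator = BuildProtector(AppName);
        string token = issuer.Protect("user-42:confirm-email"); // constructed payload
        Console.WriteLine($"Validated in second app: {validator.Unprotect(token)}");

        // A stack with a different application name shares the keys but not the
        // purpose chain, so it cannot validate the token.
        IDataProtector other = BuildProtector("SomeOtherApp");
        try
        {
            other.Unprotect(token);
            Console.WriteLine("Unexpected: token accepted across application names");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"Rejected as expected: {ex.Message}");
        }
    }
}
```

Running the pools under one common identity, as the answer implies, fixes the question's setup because HKCU and the user-scoped DPAPI key then become shared. Persisting the key ring to a shared directory or HKLM key with machine-scoped DPAPI is the alternative when the pools must keep distinct identities; in that case restrict the ACL on the key store to exactly those pool identities, since machine-scoped DPAPI lets any local account decrypt the keys.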