WebDAV Vault 5.0.1: Invalid credentials are not well handled

If you are having a problem using Vault, post a message here.

Moderator: SourceGear

Post Reply
avonwyss
Posts: 99
Joined: Mon Oct 04, 2004 9:06 am

WebDAV Vault 5.0.1: Invalid credentials are not well handled

Post by avonwyss » Mon Sep 14, 2009 8:51 am

If there are problems with the credentials, the WebDAV client does not give a 40x error, but fails with a 500 error:

Code: Select all

GET /sgdav/wd.ashx/site/repository/ HTTP/1.1
Host: www.sirius.ch
Accept: */*
Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxx

RESPONSE:
HTTP/1.1 500 Internal Server Error
Date: Mon, 14 Sep 2009 14:46:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Length: 0
A sanity check is somewhat more informative:

Code: Select all

RESPONSE:
HTTP/1.1 200 OK
Date: Mon, 14 Sep 2009 14:48:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html
Content-Length: 1623

<html><head><title>Vault WebDAV Sanity Check</title></head><body>\r\n
<strong>Request URI: </strong>http://server:80/sgdav/wd.ashx/site/repository/SanityCheck<br /><strong>Vault/Fortress server: </strong>server<br /><strong>Vault/Fortress repository: </strong>repository<br /><strong>Vault credentials: </strong>user/***********<br /><strong>Working folder: </strong>G:\WINDOWS\Temp\sgvault<br /><strong>Login failed: </strong>Access is denied.
<br /><pre>
   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.RSACryptoServiceProvider.get_PersistKeyInCsp()
   at System.Security.Cryptography.RSACryptoServiceProvider.set_PersistKeyInCsp(Boolean value)
   at VaultLib.VaultUserCrypt.EncryptPassword(String strUnencryptedPassword, Byte[] publicKey, Byte[] exponent, String& strEncryptedPassword, String& strRMKey)
   at VaultClientNetLib.VaultConnection.Login(String strURLBase, String strUserLogin, String strPassword)
   at VaultClientOperationsLib.ClientInstance.Login(String urlbase, String username, String password)
   at sgdav.utils.vaultLogin(String url, String user, String password, String repository, String& savedCachePath)
   at sgdav.SanityCheck.check(String uri, String user, String password, TextWriter textoutput)</pre>
</body></html>
Top
lbauer
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Re: WebDAV Vault 5.0.1: Invalid credentials are not well handled

Post by lbauer » Mon Sep 14, 2009 9:30 am

How are you using WebDav - are you using it with Dreamweaver?

Where are you seeing this error?

Are the invalid credentials the mistyped or missing credentials of a Vault user?
Linda Bauer
SourceGear
Technical Support Manager
Top
avonwyss
Posts: 99
Joined: Mon Oct 04, 2004 9:06 am

Re: WebDAV Vault 5.0.1: Invalid credentials are not well handled

Post by avonwyss » Mon Sep 14, 2009 9:34 am

I tried getting a file through a web browser, and I think I mistyped the password. What I got back was an empty page, instead of the expected password dialog again. Therefore, I took WFetch to see what happens, and that's what I've posted here.

Edit: maybe WebDAV doesn't work at all on our server with Vault 5.0.1, I tried again with correct credentials and the error remains.

Maybe some trust issue with the crypto service provider?
http://www.atalasoft.com/cs/blogs/danba ... sages.aspx
Top
lbauer
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Re: WebDAV Vault 5.0.1: Invalid credentials are not well handled

Post by lbauer » Mon Sep 14, 2009 4:13 pm

The 500 error on bad credentials has been fixed for Vault 5.0.2, which has not been released yet.

We've seen cryptographic errors before with the Vault Client or CCNet. Generally the solution is to add Read/Write/Modify permissions to %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys for the account used by Vault or CCNet. But if Vault Client is working, just not WebDav, there may be another account that needs access. You could try temporarily giving Everyone access to see if that makes a difference.
Linda Bauer
SourceGear
Technical Support Manager
Top
avonwyss
Posts: 99
Joined: Mon Oct 04, 2004 9:06 am

Re: WebDAV Vault 5.0.1: Invalid credentials are not well handled

Post by avonwyss » Tue Sep 15, 2009 3:18 am

Generally the solution is to add Read/Write/Modify permissions to %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys
Done that on the server, and it seems to fix the issue. What is unclear to me is why the installer has nod done this in the first place while updating, I'm pretty sure that WebDAV did work in 5.0.0 before updating to 5.0.1.
Top
lbauer
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Re: WebDAV Vault 5.0.1: Invalid credentials are not well handled

Post by lbauer » Wed Sep 16, 2009 12:16 pm

What account did you give permission to?

The installer should make this change. Not sure why it didn't.
Linda Bauer
SourceGear
Technical Support Manager
Top
avonwyss
Posts: 99
Joined: Mon Oct 04, 2004 9:06 am

Re: WebDAV Vault 5.0.1: Invalid credentials are not well handled

Post by avonwyss » Wed Sep 16, 2009 12:19 pm

I gave "Everyone" rights to the keys, as suggested.

We have a domain account for Vault and I've done the install just the same as 5.0.0. The account used for installation was a administrator account.
Top
Post Reply

Return to “Support (Vault)”