This problem occurs because WSE 3.0 cannot call the DPAPI if the user profile of the application pool identity is not loaded.
Method 1Configure the application pool identity to run as a user account for which the user profile is already loaded. For example, configure the application pool identity to run as the Network Service account.
Method 2Manually load the user profile of the application pool identity. To do this, use one of the following methods.
Method AFollow these steps:
- Use a user account to log on to the computer, and then do not change the user account.
- Under this user account, create a Microsoft Windows service, or run a Windows service.
- Configure the Windows service so that the user account can interact with the desktop.
Method BTo load the user profile, call the LoadUserProfile function.
Method 3Disable the stateful SecurityContextToken object of the Web service by configuring the statefulSecurityContextToken element. For example, you can use the application configuration file that contains the following code to disable the stateful security tokens.
Method 4To configure the Web service to use a secure conversation, use an X509 certificate, or use another security token type instead of using the default DPAPI implementation. To do this, configure the serviceToken element in the application configuration file of each Web server. For example, the following code configures the Web service to use an X509 certificate instead of using the default DPAPI implementation.
Note Some virus scanners may cause the application domain to be reset.
Steps to reproduce the problem
- Open the WSE 3.0 Secure Conversation Quickstart sample. By default, this sample is in the following location:drive:\Program Files\Microsoft WSE\v3.0\Samples\CS\QuickStart\Security\SecureConversation\Policy
- Configure an application pool to use a custom user account to run the Web service in this sample. The user profile of the application pool identity is not loaded yet.
- Run the WSE 3.0 Secure Conversation Quickstart sample.