Skip to content

Paul Brown

← Your Ideas for Plesk

My feedback

1 result found

  1. Enable IIS option "loadUserProfile:true" for dedicated application pools

    29 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    4 comments  ·  Feature Suggestions » Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

    Paul Brown supported this idea  · 
    An error occurred while saving the comment
    Paul Brown commented  · 

    If using MS Identity to create a new (web) user security token while using the anonymous user profile in a Web App, IIS has no knowledge of the new web user's profile, which is necessary, to create tokens for updating email and passwords. The following IIS error occurs without "Load User Profile" set to true:

    "The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating."

    The Plex UI should offer a way to update the IIS "Load User Profile" setting to true. This is a common problem when writing web apps using Microsoft Identity. When using UserManager.GenerateEmailConfirmationTokenAsync(user.Id) to create an email confirmation token to verify a newly created web user's email address, the anonymous user's profile is still loaded and prevents the new security token from being created. A quick search will show how common this problem is when using a hosting company not aware of the necessity to allow the "Load User Profile" setting to be set to true for the domain. This setting is only valid for the instantiated web service for the requesting web app and has no affect on other websites hosted by the server. The setting is set to false by default for backward compatibility on apps written for earlier versions of IIS and have no security implications to IIS or other web sites hosted on IIS.

    EVERYBODY SHOULD UPVOTE THIS!!!

    Here are two links to view the problem: https://stackoverflow.com/questions/23773651/the-data-protection-operation-was-unsuccessful-on-azure-using-owin-katana

    https://stackoverflow.com/questions/17149132/what-exactly-happens-when-i-set-loaduserprofile-of-iis-pool

Feedback and Knowledge Base

(thinking…)