
Problem with RSA.ImportParameters() under ASP .NET

Author
10 Feb 2006 11:56 AM
Kim Hellan
I have a problem with some code in an assembly that uses
RSA.ImportParameters().
If the assembly is used in a WinForm application it's fine, but I'm having
trouble when it's used in ASP .NET.

The code is something like this:
.....
.....
RSA rsa = RSA.Create ();
rsa.ImportParameters (param);

I know it has got something to do with the IIS user not having the same
access rights to key stores and files as a normal user.
Unfortunately I can't change the code (not my assembly), so can anyone tell
me what I can tweak on the PC to make this work?

Thanks!
/Kim

Author
10 Feb 2006 12:43 PM
Mitch Gallant
If this is a server-side process (asp or asp.net) which needs to access
the private key in any way (for signing or RSA encryption) then you will
need to ACL the associated private key file with READ permissions for
the IUSR_<machinename> account, which is what asp and asp.net run as.
For RSA keypairs that are associated with a certificate (probably not your case),
there is a very handy CAPICOM tool which greatly facilitates this:
  <capicominstalldir>\samples\vbs\CSetKeyPerm.vbs

- Mitch Gallant
   MVP Security
   www.jensign.com

Author
10 Feb 2006 1:09 PM
Kim Hellan
It is a server-side process.
I'm not trying to access a private key or certificate in a specific store.
I have already gotten a private key earlier from a PKCS#12 and extracted the
key parameters.
And then a brand new key is created and I'm just trying to import the key
parameters into a new key:

RSA rsa = RSA.Create ();
rsa.ImportParameters (param);

But ImportParameters throws a:
System.Security.Cryptography.CryptographicException:
The system cannot find the file specified.

I think I read somewhere that ImportParameters actually creates a temporary
keyfile, so that may be the problem.
But when I'm not accessing a key/certificate in either a store or on disk,
I have no idea what I should give access to.
It's probably the IUSR_xxx user that should be granted access to something,
but what?

Any hints appreciated!
/Kim




Author
10 Feb 2006 1:38 PM
Mitch Gallant
Yes, I'm pretty sure what you are doing is creating a transient RSA private key
file (in Machine CU store) since you don't specify a persistence.
Not sure how accessing that key is managed...
You could look for a transient private key file created during your asp process
(put a pause in it and look for new files created in
   C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys).
I don't know how the ACLs would work in this case. I'm pretty sure that exception
is a disguised access denial reference.

- Mitch Gallant


Author
10 Feb 2006 2:01 PM
Kim Hellan
We have tried monitoring the disk and no files are ever written, so I think
access for writing that temporary file is denied.
With a file monitor we can see that every time we get the error, some entries
are written in
C:\WINNT\Debug\UserMode\Userenv.log by dllhost.exe

Those are:
USERENV(b88.ac4) 14:52:43:395 ImpersonateUser: Failed to impersonate user with 5.
USERENV(b88.ac4) 14:52:43:395 GetUserGuid: Failed to impersonate user with 5.
USERENV(b88.ac4) 14:52:43:395 GetProfileSid: No Guid -> Sid Mapping available
USERENV(b88.ac4) 14:52:43:395 GetProfileType:  Profile is not loaded.

I have no idea what they mean, but it looks as if they could be related to
the problem?

/Kim

Author
11 Feb 2006 12:28 AM
Henning Krause [MVP]
Hello,

One common cause for this problem is that the RSA object tries to create the
CryptoContainer in the user profile. For performance reasons, that part of
the profile is not loaded in ASP.NET applications.

See http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371 for more
on this topic.

The solution given in the article is to create the RSA object with a custom
CspParameters object, specifying the machine store to use.

If this is indeed your problem, there seems to be no solution without a code
change...

Greetings,
Henning

Author
13 Feb 2006 8:06 AM
Kim Hellan
Hi,

In one of my own projects I have actually done the change in code that you
suggest.
Unfortunately I can't change the code that's causing problems, since it's a
3rd party DLL.

Another question about this...
Are there any performance issues to observe regarding the different ways to
create the RSA object?
I was under the impression that:
  RSA rsa = RSA.Create ();
.... just creates an empty object without doing anything, while
  RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(CSPParam);
....actually generates an RSA dummy key, which of course has a huge impact on
performance.

Is that correct?

Regards,
Kim


Author
13 Feb 2006 12:02 PM
Henning Krause [MVP]
Hello,

I just took another look at the documentation of these objects.

It seems that you can set RSACryptoServiceProvider.UseMachineKeyStore to
true. This should be (according to the docs) equivalent to using the
CspParameters.

Greetings,
Henning Krause
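
The change described in the two replies above (a CspParameters object that names the machine store, and the static UseMachineKeyStore switch), as an added example that is not code from the thread, the KB article or the third-party assembly. It assumes .NET Framework on Windows and an account allowed to create containers in the machine key store; the container names and the sample key are made up for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class MachineStoreImportExample
{
    // Hypothetical container name, used only by this example.
    const string Container = "ExampleImportContainer";

    // CspParameters that select the machine key store instead of the
    // user profile, which is not loaded for the web worker account.
    static CspParameters MachineStore(string containerName)
    {
        CspParameters csp = new CspParameters();
        csp.KeyContainerName = containerName;
        csp.Flags = CspProviderFlags.UseMachineKeyStore;
        return csp;
    }

    // Constructed sample input: a throwaway key standing in for the
    // parameters the thread extracts from a PKCS#12 file.
    static RSAParameters ConstructedSampleKey()
    {
        using (RSACryptoServiceProvider gen =
            new RSACryptoServiceProvider(2048, MachineStore(Container + "-keygen")))
        {
            gen.PersistKeyInCsp = false;        // remove the container on dispose
            return gen.ExportParameters(true);  // true = include private parameters
        }
    }

    // Variant 1: pass the machine-store CspParameters explicitly.
    static byte[] RoundTripExplicit(RSAParameters key, byte[] data)
    {
        using (RSACryptoServiceProvider rsa =
            new RSACryptoServiceProvider(MachineStore(Container)))
        {
            rsa.PersistKeyInCsp = false;        // do not leave the imported key on disk
            rsa.ImportParameters(key);
            return rsa.Decrypt(rsa.Encrypt(data, true), true);  // true = OAEP padding
        }
    }

    // Variant 2: set the static switch once (for example at application
    // start); providers constructed afterwards without CspParameters use it.
    static byte[] RoundTripStaticFlag(RSAParameters key, byte[] data)
    {
        RSACryptoServiceProvider.UseMachineKeyStore = true;
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
        {
            rsa.PersistKeyInCsp = false;
            rsa.ImportParameters(key);
            return rsa.Decrypt(rsa.Encrypt(data, true), true);
        }
    }

    static void Main()
    {
        RSAParameters key = ConstructedSampleKey();
        byte[] message = Encoding.UTF8.GetBytes("constructed test message");

        try
        {
            string a = Encoding.UTF8.GetString(RoundTripExplicit(key, message));
            string b = Encoding.UTF8.GetString(RoundTripStaticFlag(key, message));
            Console.WriteLine("explicit CspParameters: " + a);
            Console.WriteLine("static flag:            " + b);
        }
        catch (CryptographicException ex)
        {
            // The failure seen in the thread surfaces here when the key
            // container cannot be created or opened.
            Console.WriteLine("import failed: " + ex.Message);
        }
    }
}
```

Machine-store containers are protected by the file ACLs on the MachineKeys directory rather than by a user profile, so setting PersistKeyInCsp to false keeps imported private key material from staying there after the object is disposed.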


Author
13 Feb 2006 1:45 PM
Kim Hellan
Thank you for that.
Regarding my previous question...
Do you know if there are any performance issues involved using
RSACryptoServiceProvider instead of just RSA?

Thank you,
Kim
