The code is something like this:
....
....
RSA rsa = RSA.Create ();
rsa.ImportParameters (param);
I know it has got something to do with the IIS user not having the same
access rights to key stores and files as a normal user.
Unfortunately I can't change the code (not my assembly), so can anyone tell
me what I can tweak on the PC to make this work?
Thanks!
/Kim
- Mitch Gallant
MVP Security
www.jensign.com
"Kim Hellan" <som...@nowhere.com> wrote in message news:ONk3njjL...@TK2MSFTNGP11.phx.gbl...
RSA rsa = RSA.Create ();
rsa.ImportParameters (param);
But ImportParameters throws a:
System.Security.Cryptography.CryptographicException:
The system cannot find the file specified.
I think I read somewhere that ImportParameters actually creates a temporary
keyfile, so that may be the problem.
But when I'm not accessing a key/certificate in neither a store nor on disk,
I have no idea what I should give access to.
It's probably the IUSR_xxx user that should be granted access to something,
but what?
Any hints appreciated!
/Kim
"Mitch Gallant" <jens...@community.nospam> skrev i en meddelelse
news:uFsoc%23jLGH...@TK2MSFTNGP14.phx.gbl...
- Mitch Gallant
"Kim Hellan" <som...@nowhere.com> wrote in message news:%23z0HVMk...@tk2msftngp13.phx.gbl...
Those are:
USERENV(b88.ac4) 14:52:43:395 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(b88.ac4) 14:52:43:395 GetUserGuid: Failed to impersonate user with
5.
USERENV(b88.ac4) 14:52:43:395 GetProfileSid: No Guid -> Sid Mapping
available
USERENV(b88.ac4) 14:52:43:395 GetProfileType: Profile is not loaded.
I have no idea what they mean, but it looks as if they could be related to
the problem?
/Kim
"Mitch Gallant" <jens...@community.nospam> skrev i en meddelelse
news:uHj9Bdk...@TK2MSFTNGP12.phx.gbl...
one common cause for this problem is that the RSA object tries to create the
CryptoConatiner in the user profile. For performance reasons, that part of
the profile is not loaded in ASP.NET applications.
See http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371 for more
on this topic.
The solution given in the article is to create the RSA object with a custom
CspParameters object, specifying the machine store to use.
If this is indeed your problem, there seems no solution without a code
change...
Greetings,
Henning
"Kim Hellan" <som...@nowhere.com> wrote in message
news:%23z0HVMk...@tk2msftngp13.phx.gbl...
In one of my own projects I have actually done the change in code that you
suggest.
Unfortunately I can't change the code that's causing problems, since it's a
3rd party DLL.
Another question about this...
Are there any performance issues to observe regarding the different ways to
create the RSA object?
I was under the impression that:
RSA rsa = RSA.Create ();
... just creates an empty object without doing anything, while
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(CSPParam);
...actually generates an RSA dummy key, which of course has a huge impact on
performance.
Is that correct?
Regards,
Kim
"Henning Krause [MVP]" <newsgrou...@this.infinitec.de> skrev i en
meddelelse news:egQVTIqL...@TK2MSFTNGP15.phx.gbl...
I just took another look at the documentation of these objects.
It seems that you can set the RSACryptoServiceProvider.UseMachineKeyStore to
true. This should be (according to the docs) equivalent to using the Csp
Parameters.
Greetings,
Henning Krause
"Kim Hellan" <som...@nowhere.com> wrote in message
news:uvQOLRHM...@TK2MSFTNGP12.phx.gbl...
Thank you,
Kim
"Henning Krause [MVP]" <newsgrou...@this.infinitec.de> skrev i en
meddelelse news:%23j74YVJ...@TK2MSFTNGP11.phx.gbl...