RSACryptoServiceProvider CryptographicException系统找不到在ASP.NET下指定的文件 [英] RSACryptoServiceProvider CryptographicException System Cannot Find the File Specified under ASP.NET
问题描述
我有一个应用程序使用RSACryptoServiceProvider使用已知的私钥(存储在变量中)解密一些数据。
I have an application which is making use of the RSACryptoServiceProvider to decrypt some data using a known private key (stored in a variable).
当IIS应用程序池配置为使用网络服务时,一切运行正常。
When the IIS Application Pool is configured to use Network Service, everything runs fine.
但是,当我们配置IIS应用程序池以在不同的身份下运行代码时,我们得到以下结果:
However, when we configure the IIS Application Pool to run the code under a different Identity, we get the following:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters)
at System.Security.Cryptography.RSA.FromXmlString(String xmlString)
代码如下:
byte[] input;
byte[] output;
string private_key_xml;
var provider = new System.Cryptography.RSACryptoServiceProvider(this.m_key.Key_Size);
provider.FromXmlString(private_key_xml); // Fails Here when Application Pool Identity != Network Service
ouput = provider.Decrypt(input, false); // False = Use PKCS#1 v1.5 Padding
有资源尝试回答它说明您应该给用户读取机器密钥存储的访问权限 - 但是没有确定的答案来解决这个问题。
There are resources which attempt to answer it by stating that you should give the user read access to the machine key store - however there is no definitive answer to solve this issue.
环境:IIS 6.0,Windows Server 2003 R2,.NET 3.5 SP1
Environment: IIS 6.0, Windows Server 2003 R2, .NET 3.5 SP1
推荐答案
确实,你需要这样的代码工作
Indeed you need to work a code like this
CspParameters _cpsParameter;
RSACryptoServiceProvider RSAProvider;
_cpsParameter = new CspParameters();
_cpsParameter.Flags = CspProviderFlags.UseMachineKeyStore;
RSAProvider = new RSACryptoServiceProvider(1024, _cpsParameter);
以下用户需要访问该文件夹:C:\Documents和Settings \All Users \\ \\Application data\Microsoft\Crypto\RSA\MachineKeys
The following users need access to the folder: C:\Documents and Settings\All Users\Application data\Microsoft\Crypto\RSA\MachineKeys
- IIS用户帐户(匿名)
- 用于在web.config设置中模拟应用程序的用户帐户。
现在对我来说工作正常。
So now it is working fine for me.
这篇关于RSACryptoServiceProvider CryptographicException系统找不到在ASP.NET下指定的文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!