Asp.net web.config encryption – The RSA key container was not found

asp.net

I've done the following in order to encrypt the web.config using RSA provider.

RDP to Web Server and opened the VS Command Prompt with my account.

Create a custom RSA encryption key:

aspnet_regiis -pc "MyKey" -exp

Encrypt the connectionStrings section using the custom RSA key:

aspnet_regiis.exe -pef "connectionStrings" "D:\Web\" -prov
"MyRsaProvider"

I can see that the web.config has been encrypted. However when I try to load the web page it throws an error below:

"….The RSA key container was not found."

I then tried these commands one by one and tested:

aspnet_regiis -pa "MyKey" "domain\appPool_serviceAccount"

aspnet_regiis -pa "MyKey" "ASPNET"

aspnet_regiis -pa MyKey" IIS APPPOOL\CRSAppPool" -full

aspnet_regiis -pa "MyKey" "NT Authority\Network Service"

And, I still get this error:

"….The RSA key container was not found."

Could some one please help me whether it's a framework bug or am I doing something not right?

Best Answer

Are you sure you got the correct identity that the app pool of your web app is running?

Try this. Create an aspx page in your web app with this content

<%@ Page Language="C#" %>
<%
    Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>

call it whatever you like then navigate to it and it will give you the actual identity that the web app is using. If you didn't already grant access to the key for that user then grant it and see if it works.

Ref: Walkthrough: Creating and Exporting an RSA Key Container

Related Solutions

C# – “The RSA key container could not be opened” Error even after ACL Permission (for some users)

Following is an approach I tried which does not involve Machine config.

Note: If the destination is in Windows Sever 2008, the encryption steps need to be executed in a Windows Server 2008 itself.

Executed the below codes in server A

Note:- Registering key

 cd C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319
 aspnet_regiis.exe -pc "MyProjectKeys" -exp

Note:- GRANTING ACCESS on SERVER A only

aspnet_regiis.exe -pa "MyProjectKeys" "IIS APPPOOL\testpsreloservices"
aspnet_regiis.exe -pa "MyProjectKeys" "NT AUTHORITY\NETWORK"

Exported XML file containing RSA Key

aspnet_regiis.exe -px "MyProjectKeys" E:\wmapps\webroot\myservice\MyProjectKey.xml –pri

Added the following in web.config

<configProtectedData>
  <providers>
    <clear/>
<remove name="RSAProtectedConfigurationProvider" />
     <add name="RSAProtectedConfigurationProvider" keyContainerName="MyProjectKeys" 
    type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,&#xD;&#xA;                
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,&#xD;&#xA; processorArchitecture=MSIL"
          useMachineContainer="true" />
  </providers>
</configProtectedData>

Encrypted

aspnet_regiis -pef "connectionStrings" "E:\wmapps\webroot\myservice" -prov "RsaProtectedConfigurationProvider"

Copied the encrypted files in B Server. Copied the key xml file into the B Server.

Created batch file with the following commands and Executed (for Key registration and granting access)

c:
cd C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis.exe -pi "MyProjectKeys" E:\wmapps\webroot\myservice\MyProjectKey.xml
aspnet_regiis.exe -pa "MyProjectKeys" "IIS APPPOOL\testpsreloservices"
aspnet_regiis.exe -pa "MyProjectKeys" "NT AUTHORITY\NETWORK"

Best Answer

Related Solutions

C# – “The RSA key container could not be opened” Error even after ACL Permission (for some users)

Related Topic