M
Michael J. Bigos
Has anyone else come across this?
We are building an ASP.Net application that uses a certficate in the local
machine store to sign XML data before transmitting it to a third-party. The
third party application was getting an "invalid signature" error upon
verification of the signature in our Test environments. I thought perhaps
our Production (www) certificate version was being used instead, so I
exported it from the Production server and tried importing it into Test. I
got this error:
"An internal error occurred. The private key that you are importing might
require a cryptographic service provider that is not installed on your
system."
As it turned out, it was the ASPNET account permissions that I had added to
the C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys folder that was the culprit! When I
remove those permissions, I was then able to import the key and readd the
permissions. The exact permissions I added to the MachineKeys Folders were:
ASPNet (Read & Execute / List Folder Contents / Read) to "this folder,
subfolders and files". I also tried to reproduce the original error using a
different set of permissions on ASPNET as indicated by
http://support.microsoft.com/default.aspx?scid=kb;en-us;327587 (slightly
different scenario, but similar), but this too caused the error on import.
If this expected behavior when setting permissions on MachineKeys? If so,
I'm surprised there aren't more articles on the web about it.
Happy coding to all!
Michael Bigos
Lead Web Application Developer
The Ayco Company, L.P.
(e-mail address removed)
We are building an ASP.Net application that uses a certficate in the local
machine store to sign XML data before transmitting it to a third-party. The
third party application was getting an "invalid signature" error upon
verification of the signature in our Test environments. I thought perhaps
our Production (www) certificate version was being used instead, so I
exported it from the Production server and tried importing it into Test. I
got this error:
"An internal error occurred. The private key that you are importing might
require a cryptographic service provider that is not installed on your
system."
As it turned out, it was the ASPNET account permissions that I had added to
the C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys folder that was the culprit! When I
remove those permissions, I was then able to import the key and readd the
permissions. The exact permissions I added to the MachineKeys Folders were:
ASPNet (Read & Execute / List Folder Contents / Read) to "this folder,
subfolders and files". I also tried to reproduce the original error using a
different set of permissions on ASPNET as indicated by
http://support.microsoft.com/default.aspx?scid=kb;en-us;327587 (slightly
different scenario, but similar), but this too caused the error on import.
If this expected behavior when setting permissions on MachineKeys? If so,
I'm surprised there aren't more articles on the web about it.
Happy coding to all!
Michael Bigos
Lead Web Application Developer
The Ayco Company, L.P.
(e-mail address removed)