Strange Windows 2000 behavior found with ASPNET permissions?!?

Discussion in 'ASP .Net' started by Michael J. Bigos, Jun 16, 2004.

  1. Has anyone else come across this?

    We are building an ASP.Net application that uses a certficate in the local
    machine store to sign XML data before transmitting it to a third-party. The
    third party application was getting an "invalid signature" error upon
    verification of the signature in our Test environments. I thought perhaps
    our Production (www) certificate version was being used instead, so I
    exported it from the Production server and tried importing it into Test. I
    got this error:

    "An internal error occurred. The private key that you are importing might
    require a cryptographic service provider that is not installed on your
    system."

    As it turned out, it was the ASPNET account permissions that I had added to
    the C:\Documents and Settings\All Users\Application
    Data\Microsoft\Crypto\RSA\MachineKeys folder that was the culprit! When I
    remove those permissions, I was then able to import the key and readd the
    permissions. The exact permissions I added to the MachineKeys Folders were:

    ASPNet (Read & Execute / List Folder Contents / Read) to "this folder,
    subfolders and files". I also tried to reproduce the original error using a
    different set of permissions on ASPNET as indicated by
    http://support.microsoft.com/default.aspx?scid=kb;en-us;327587 (slightly
    different scenario, but similar), but this too caused the error on import.

    If this expected behavior when setting permissions on MachineKeys? If so,
    I'm surprised there aren't more articles on the web about it.

    Happy coding to all!

    Michael Bigos
    Lead Web Application Developer
    The Ayco Company, L.P.
     
    Michael J. Bigos, Jun 16, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Guest
    Replies:
    2
    Views:
    892
    dave wanta
    Jul 11, 2003
  2. =?Utf-8?B?QnJpYW4=?=
    Replies:
    1
    Views:
    466
    =?Utf-8?B?QnJpYW4=?=
    Dec 17, 2003
  3. Jim Davis
    Replies:
    1
    Views:
    406
    John Saunders
    Jun 9, 2004
  4. Replies:
    0
    Views:
    476
  5. Brian
    Replies:
    1
    Views:
    118
    Chris Marchal[MSFT]
    Dec 23, 2003
Loading...

Share This Page