Allowing group access to encrypted web.config



I've been using the MSDN walkthrough for encrypting connection strings
in a web.config file for a web site using Windows Basic Authentication,
and it works just fine for granting read permission to the RSA
encryption key for a *single user*.
However, when I try to add read access to the key for an NT group,
using the following command:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "MYMACHINE\MyAccessGroup"

I get the following error message:

No mapping between account names and security IDs was done. (Exception
from HRESULT: 0x80070534)

According to the aspnet_regiis documentation, this
command should be applicable for users *and* groups:

-pa container account Grants permission for the specified user or
group account to access the specified key container.

However, I get the distinct impression that this is not the case.
Either that, or I'm doing something wrong in the process. Does anyone
know if it's possible to add group access to the RSA encryption key in
this manner? If not, is there any other way to do so? We manage
access to the site through the use of Active Directory users and
groups. Given the large number of users who have access to the site,
it's not a scalable solution for us to manage encryption key access for
each individual user.

Any help would be appreciated.
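
An added example, not part of the original post: HRESULT 0x80070534 is the Win32 "none mapped" error (code 1332), returned when an account name cannot be translated to a SID, so one check before running -pa is to resolve the group name on the same machine first. The container and account names are the ones from the post; the function names Resolve-AccountSid and Grant-KeyContainerRead are hypothetical.

```powershell
# Added example (not from the original post). Resolve an account name to a SID
# before handing it to aspnet_regiis -pa, so a name Windows cannot map is
# reported up front instead of surfacing as HRESULT 0x80070534.

function Resolve-AccountSid {            # hypothetical helper name
    param([Parameter(Mandatory)][string]$Account)
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        # Translate() performs the same name-to-SID lookup that failed in the post
        return $nt.Translate([System.Security.Principal.SecurityIdentifier])
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $null
    }
}

function Grant-KeyContainerRead {        # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Container,
        [Parameter(Mandatory)][string]$Account,
        # Path as given in the post
        [string]$RegIis = 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe'
    )

    $sid = Resolve-AccountSid -Account $Account
    if (-not $sid) {
        Write-Warning "'$Account' does not resolve to a SID on $env:COMPUTERNAME; not calling aspnet_regiis."
        return $false
    }

    Write-Host "'$Account' resolves to $($sid.Value)"
    # Send tool output to the console so the function returns only a boolean
    & $RegIis -pa $Container $Account | Out-Host
    return ($LASTEXITCODE -eq 0)
}

# Names taken from the post; run from an elevated prompt on the web server
Grant-KeyContainerRead -Container 'NetFrameworkConfigurationKey' -Account 'MYMACHINE\MyAccessGroup'
```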



