问题描述
我有一个使用 RSACryptoServiceProvider 使用已知私钥(存储在变量中)解密某些数据的应用程序.
I have an application which is making use of the RSACryptoServiceProvider to decrypt some data using a known private key (stored in a variable).
当 IIS 应用程序池配置为使用网络服务时,一切运行正常.
When the IIS Application Pool is configured to use Network Service, everything runs fine.
但是,当我们配置 IIS 应用程序池以在不同的身份下运行代码时,我们会得到以下信息:
However, when we configure the IIS Application Pool to run the code under a different Identity, we get the following:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters)
at System.Security.Cryptography.RSA.FromXmlString(String xmlString)
代码是这样的:
byte[] input;
byte[] output;
string private_key_xml;
var provider = new System.Cryptography.RSACryptoServiceProvider(this.m_key.Key_Size);
provider.FromXmlString(private_key_xml); // Fails Here when Application Pool Identity != Network Service
ouput = provider.Decrypt(input, false); // False = Use PKCS#1 v1.5 Padding
有一些资源试图通过说明您应该授予用户对机器密钥存储的读取权限来回答这个问题 - 但是没有明确的答案来解决这个问题.
There are resources which attempt to answer it by stating that you should give the user read access to the machine key store - however there is no definitive answer to solve this issue.
环境:IIS 6.0、Windows Server 2003 R2、.NET 3.5 SP1
Environment: IIS 6.0, Windows Server 2003 R2, .NET 3.5 SP1
推荐答案
确实需要这样的代码
CspParameters _cpsParameter;
RSACryptoServiceProvider RSAProvider;
_cpsParameter = new CspParameters();
_cpsParameter.Flags = CspProviderFlags.UseMachineKeyStore;
RSAProvider = new RSACryptoServiceProvider(1024, _cpsParameter);
以下用户需要访问该文件夹:C:Documents and SettingsAll UsersApplication dataMicrosoftCryptoRSAMachineKeys
The following users need access to the folder: C:Documents and SettingsAll UsersApplication dataMicrosoftCryptoRSAMachineKeys
- IIS 用户帐户(匿名)
- 您在 web.config 设置中用于模拟您的应用程序的用户帐户.
所以现在它对我来说很好.
So now it is working fine for me.
这篇关于RSACryptoServiceProvider CryptographicException 系统找不到 ASP.NET 下指定的文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!