Reputation: 17373
I've done the following in order to encrypt the web.config using RSA provider.
I RDP'd to the web server and opened the VS Command Prompt with my account.
Create a custom RSA encryption key:
aspnet_regiis -pc "MyKey" -exp
Encrypt the connectionStrings section using the custom RSA key:
aspnet_regiis.exe -pef "connectionStrings" "D:\Web\" -prov "MyRsaProvider"
I can see that the web.config has been encrypted. However, when I try to load the web page it throws the error below:
"....The RSA key container was not found."
I then tried these commands one by one and tested:
aspnet_regiis -pa "MyKey" "domain\appPool_serviceAccount"
aspnet_regiis -pa "MyKey" "ASPNET"
aspnet_regiis -pa "MyKey" "IIS APPPOOL\CRSAppPool" -full
aspnet_regiis -pa "MyKey" "NT Authority\Network Service"
And, I still get this error:
"....The RSA key container was not found."
Could someone please tell me whether it's a framework bug or whether I'm doing something wrong?
Upvotes: 3
Views: 12098
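The steps in the question, carried out as one script, as an added example that is not from the question or from any answer. It assumes the aspnet_regiis.exe of the framework the pool uses, a known app pool identity (the placeholder `IIS APPPOOL\CRSAppPool`), a site root of `D:\Web`, and the placeholder names `MyKey` and `MyRsaProvider`; the point it adds is that the `-prov` value must be declared in web.config with a `keyContainerName` equal to the container created with `-pc`, and the identity that reads web.config at runtime needs access to that container before the page is requested.

```powershell
# Added example (not from the question): end-to-end RSA-protected web.config setup.
# Assumptions (placeholders, adjust for your server):
#   $Container - RSA key container name; must equal keyContainerName in web.config
#   $Provider  - provider name; must equal the -prov value AND the <add name=...> entry
#   $Identity  - the account the application pool runs as (see the pool's processModel in IIS)
#   $SiteRoot  - physical path of the application (directory containing web.config)
$Container = 'MyKey'
$Provider  = 'MyRsaProvider'
$Identity  = 'IIS APPPOOL\CRSAppPool'
$SiteRoot  = 'D:\Web'

# aspnet_regiis.exe lives in the framework directory of the running CLR; run this from a
# PowerShell whose bitness (32/64) matches the application pool.
$regiis = Join-Path ([System.Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory()) 'aspnet_regiis.exe'

# 1. Create the machine-level container (-exp makes it exportable so it can be moved with -px/-pi).
& $regiis -pc $Container -exp

# 2. Grant the runtime identity access to the container. Plain -pa (read) is enough to decrypt;
#    -full additionally allows export and is not needed for a web application.
& $regiis -pa $Container $Identity

# 3. Declare the provider in web.config, binding the provider name to the container name.
$configPath = Join-Path $SiteRoot 'web.config'
[xml]$cfg = Get-Content $configPath
if (-not $cfg.configuration.configProtectedData) {
    $node = $cfg.CreateElement('configProtectedData')
    $node.SetAttribute('defaultProvider', $Provider)
    $providers = $cfg.CreateElement('providers')
    $add = $cfg.CreateElement('add')
    $add.SetAttribute('name', $Provider)
    $add.SetAttribute('type', 'System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a')
    $add.SetAttribute('keyContainerName', $Container)
    $add.SetAttribute('useMachineContainer', 'true')
    [void]$providers.AppendChild($add)
    [void]$node.AppendChild($providers)
    [void]$cfg.configuration.PrependChild($node)
    $cfg.Save($configPath)
}

# 4. Encrypt the section with that provider; -pef takes the physical directory, not a virtual path.
& $regiis -pef 'connectionStrings' $SiteRoot -prov $Provider

# 5. Verify: the section now carries an EncryptedData element and no plaintext connection string.
[xml]$after = Get-Content $configPath
if ($after.configuration.connectionStrings.EncryptedData) {
    "connectionStrings is encrypted with provider '$Provider' (container '$Container')"
} else {
    throw 'connectionStrings was not encrypted; check the -prov name against web.config'
}
```

Run it in an elevated prompt on the web server. Step 2 is the one the question's error points at: the key exists, but unless the account the worker process actually runs as has an ACL entry on the container, the provider reports "The RSA key container was not found" rather than an access-denied error.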
Reputation: 21
For me the issue was that my web application was running in impersonate mode and the user I was impersonating did not have access to the key. To fix it, I assume the app pool identity when doing DB connects:
var revert = new RevertToAppPool();
revert.UseAppPoolIdentity();
database = DB.GetDatabase();
revert.ReturnToImpersonatingCurrentUser();
Upvotes: 1
Reputation: 2305
Does your web.config contain the correct encryption header?
<configuration>
<configProtectedData defaultProvider="MyRsaProvider">
<providers>
<add name="MyRsaProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="MyKeys"
useMachineContainer="true" />
</providers>
</configProtectedData>
...
</configuration>
See here: http://msdn.microsoft.com/en-us/library/68ze1hb2(v=vs.100).aspx
Upvotes: 1
Reputation: 13
Just try this and it will work:
aspnet_regiis -px "MyKeys" "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\keys.xml" -pri
All keys will be stored there.
Upvotes: 1
Reputation: 4993
Are you sure you have the correct identity that the app pool of your web app is running under?
Try this. Create an aspx page in your web app with this content:
<%@ Page Language="C#" %>
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>
Call it whatever you like, then navigate to it and it will show the actual identity that the web app is using. If you haven't already granted access to the key for that user, grant it and see if it works.
Ref: Walkthrough: Creating and Exporting an RSA Key Container
Upvotes: 2
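A server-side check of the same two facts this answer relies on (which account the pool runs as, and whether that account can reach the container), as an added example that is not part of any answer on this page. It reads the pool identity from the IIS configuration instead of deploying a page, and then opens the machine-level container without creating it and inspects the ACL on its key file, which is what `aspnet_regiis -pa` edits. It assumes the WebAdministration module (IIS 7 or later), the placeholder pool name `CRSAppPool` and container name `MyKey`, and the Vista-and-later MachineKeys location under ProgramData.

```powershell
# Added example (not from the answers): diagnose "The RSA key container was not found".
# Assumptions (placeholders): $AppPool is the pool serving the site, $Container is the
# keyContainerName from web.config.
$AppPool   = 'CRSAppPool'
$Container = 'MyKey'

# (a) Runtime identity, read from IIS rather than guessed. Requires the WebAdministration module.
Import-Module WebAdministration
$pool = Get-Item "IIS:\AppPools\$AppPool"
$identity = switch ($pool.processModel.identityType) {
    'ApplicationPoolIdentity' { "IIS APPPOOL\$AppPool" }
    'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
    'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
    'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
    'SpecificUser'            { $pool.processModel.userName }
}
"App pool '$AppPool' runs as: $identity"

# (b) Open the MACHINE-level container with UseExistingKey so nothing is created. If this throws,
# the name in web.config does not exist in the machine store (it was created in a user profile,
# or the names differ, e.g. MyKey vs MyKeys).
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $Container
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore -bor
             [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
try {
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider($csp)
} catch {
    throw "Machine-level container '$Container' does not exist or is not readable: $($_.Exception.Message)"
}

# Machine keys are files under ProgramData named after the container's unique name; their file
# ACL is the access that aspnet_regiis -pa grants. Only direct entries are checked here; access
# inherited through group membership (e.g. Administrators) would not show up as a match.
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
$acl  = Get-Acl $keyFile
$rule = $acl.Access | Where-Object {
    $_.IdentityReference.Value -ieq $identity -and $_.AccessControlType -eq 'Allow'
}
if ($rule) {
    "$identity has '$(@($rule.FileSystemRights) -join ', ')' on $keyFile"
} else {
    "$identity has NO entry on $keyFile -> grant it with: aspnet_regiis -pa `"$Container`" `"$identity`""
}
$rsa.Dispose()   # PersistKeyInCsp is true for a named container, so the key is kept
```

Run it elevated on the web server; (b) must also succeed for the account you run it as, so an administrator prompt is the right place. The pool identity it prints is the one to pass to `aspnet_regiis -pa`, which explains why granting the key to `ASPNET` or `Network Service` has no effect when the pool uses its own `IIS APPPOOL\<name>` identity or impersonates a domain account.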