問題描述
我有一個使用 RSACryptoServiceProvider 使用已知私鑰(存儲在變量中)解密某些數據的應用程序.
I have an application which is making use of the RSACryptoServiceProvider to decrypt some data using a known private key (stored in a variable).
當 IIS 應用程序池配置為使用網絡服務時,一切運行正常.
When the IIS Application Pool is configured to use Network Service, everything runs fine.
但是,當我們配置 IIS 應用程序池以在不同的身份下運行代碼時,我們會得到以下信息:
However, when we configure the IIS Application Pool to run the code under a different Identity, we get the following:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters)
at System.Security.Cryptography.RSA.FromXmlString(String xmlString)
代碼是這樣的:
byte[] input;
byte[] output;
string private_key_xml;
var provider = new System.Cryptography.RSACryptoServiceProvider(this.m_key.Key_Size);
provider.FromXmlString(private_key_xml); // Fails Here when Application Pool Identity != Network Service
ouput = provider.Decrypt(input, false); // False = Use PKCS#1 v1.5 Padding
有一些資源試圖通過說明您應該授予用戶對機器密鑰存儲的讀取權限來回答這個問題 - 但是沒有明確的答案來解決這個問題.
There are resources which attempt to answer it by stating that you should give the user read access to the machine key store - however there is no definitive answer to solve this issue.
環境:IIS 6.0、Windows Server 2003 R2、.NET 3.5 SP1
Environment: IIS 6.0, Windows Server 2003 R2, .NET 3.5 SP1
推薦答案
確實需要這樣的代碼
CspParameters _cpsParameter;
RSACryptoServiceProvider RSAProvider;
_cpsParameter = new CspParameters();
_cpsParameter.Flags = CspProviderFlags.UseMachineKeyStore;
RSAProvider = new RSACryptoServiceProvider(1024, _cpsParameter);
以下用戶需要訪問該文件夾:C:Documents and SettingsAll UsersApplication dataMicrosoftCryptoRSAMachineKeys
The following users need access to the folder: C:Documents and SettingsAll UsersApplication dataMicrosoftCryptoRSAMachineKeys
- IIS 用戶帳戶(匿名)
- 您在 web.config 設置中用于模擬您的應用程序的用戶帳戶.
所以現在它對我來說很好.
So now it is working fine for me.
這篇關于RSACryptoServiceProvider CryptographicException 系統找不到 ASP.NET 下指定的文件的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!