crypto security setting problem

From: Lorenzini Fabien (difabio_at_voila.fr)
Date: 10/18/04 

Date: 18 Oct 2004 03:35:46 -0700

Hello

I am using RSA provider like this :

rsa = new RSACryptoServiceProvider(GetCryptoServiceProvider());

        private CspParameters GetCryptoServiceProvider()
                {
                        // Create the CspParameters object
                        CspParameters csp = new CspParameters();

                        // Set the key container name that has the _rsa key pair
                        csp.KeyContainerName =
System.Configuration.ConfigurationSettings.AppSettings["SigningKeyContainerName"];

                        //Set the CSP Provider Type PROV_RSA_FULL
                        csp.ProviderType = 1;

                        csp.Flags = CspProviderFlags.UseMachineKeyStore;

                        //Set the CSP Provider Name
                        csp.ProviderName = "Microsoft Enhanced Cryptographic Provider
v1.0";
                
                        return csp;
                }

I am also using IIS 6, Windows Server 2003 and an integrated
authentication.

When my ASP.NET app runs under Network Service, I give needed rights
to the folder
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys

All is ok.

Now I need to run my app under a user account (user created in the
domain). I give also read/write access to the folder C:\Documents and
Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

But I have the following error message :

CryptoAPI cryptographic service provider (CSP) for this implementation
could not be acquired

Moreover, if I add the User Account in the administrator group of the
server, it works.

My question is, which permission are necessary for my user account ?

Thanks !!

Relevant Pages

  • Re: Re: Viewing users logged into active directory.....
    ... 10492 » How can I record logon and logoff information in both the user account description and the computer account description? ... Which domain member computers do not have a user currently logged on? ... Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • Re: Nested groups
    ... There is 10 different settings for "User Account Control". ... Locally or with RDC on a Windows server 2008 or Windows server 2008 R2 UAC comes into play. ... However, when I double-click the folder, I get this dialog box "You ...
    (microsoft.public.windows.server.active_directory)
  • Re: Encryption File System on home network
    ... are part of the domain and your user account has a romaing profile. ... So can I set up the network to be a ... > Windows server instead (which I am not going to do for my ... >>different systems the SID for the account will not be the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows File Search help
    ... Can you try recreating a new user account and see if search is working ... I can only find the search key under the Current_User, ... >> Microsoft MVP: Windows Server ...
    (microsoft.public.windows.server.general)
  • Re: Setting up a network with Login access
    ... you can create a domain user account on the server and that user ... can be enabled to log onto some or all machines joined to the domain. ... in order to create a Windows domain you need a Windows Server OS - ... were you have to login in the workstation and it lets you in this login ...
    (microsoft.public.windowsxp.network_web)