
Strange Windows 2000 behavior found with ASPNET permissions?!?

Has anyone else come across this?

We are building an ASP.Net application that uses a certificate in the local
machine store to sign XML data before transmitting it to a third-party. The
third party application was getting an "invalid signature" error upon
verification of the signature in our Test environments. I thought perhaps
our Production (www) certificate version was being used instead, so I
exported it from the Production server and tried importing it into Test. I
got this error:

"An internal error occurred. The private key that you are importing might
require a cryptographic service provider that is not installed on your
system."

As it turned out, it was the ASPNET account permissions that I had added to
the C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys folder that were the culprit! When I
removed those permissions, I was then able to import the key and re-add the
permissions. The exact permissions I added to the MachineKeys Folders were:

ASPNet (Read & Execute / List Folder Contents / Read) to "this folder,
subfolders and files". I also tried to reproduce the original error using a
different set of permissions on ASPNET as indicated by
http://support.microsoft.com/default...b;en-us;327587 (slightly
different scenario, but similar), but this too caused the error on import.

Is this expected behavior when setting permissions on MachineKeys? If so,
I'm surprised there aren't more articles on the web about it.

Happy coding to all!

Michael Bigos
Lead Web Application Developer
The Ayco Company, L.P.
mb****@ayco.com
Nov 18 '05 #1