Object already exists in RSACryptoServiceProvider

南笙酒味 提交于 2019-12-08 17:24:46

问题


I copied the source code from one application to another, both running on the same machine. I am also using the same string for containerName below in both applications.

What is preventing my new application from reading the key that was saved in the other application? All other things are equal, logged in user account etc.

     CspParameters cspParams = new CspParameters();
     cspParams.KeyContainerName = containerName;
     cspParams.Flags = CspProviderFlags.UseMachineKeyStore;

     // Get error "object already exists" below.
     RSACryptoServiceProvider  rsaKey = new RSACryptoServiceProvider(cspParams);

回答1:


Did you try to grant permissions to Everyone, for example, for files in "Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys", as it described there:

http://social.msdn.microsoft.com/Forums/en/netfxbcl/thread/f7b9f928-a794-47f2-a5bd-9f64ca375040




回答2:


Another solution is to set access to everyone by code :

CspParameters cspParams;
cspParams = new CspParameters(PROVIDER_RSA_FULL);
cspParams.KeyContainerName = CONTAINER_NAME;
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
cspParams.ProviderName = "Microsoft Strong Cryptographic Provider";

CryptoKeyAccessRule rule = new CryptoKeyAccessRule("everyone", CryptoKeyRights.FullControl, AccessControlType.Allow);

cspParams.CryptoKeySecurity = new CryptoKeySecurity();
cspParams.CryptoKeySecurity.SetAccessRule(rule);



回答3:


I ran into this problem because my WCF service did not have permission to access the keystore. I got past the problem by following the instructions to grant the user ASPNET read access that I found here: http://msdn.microsoft.com/en-us/library/2w117ede.aspx#Y898




回答4:


I recently ran into this issue with multiple deployed IIS sites on a single server (Windows 2008 R2). Our environment has each site running on different application pools, but in some cases, those pools can be assigned the same identity.

Our application creates a key if one does not exist, and places it in a container with a name based on the current identity. The first deployed site always worked, but if we deployed another site into another app pool with the same identity, the second would fail.

Turns out that when the key is stored, Windows gives full access to the user "IIS APPPOOL\AppPoolName", and not the identity that we have assigned to the pool.

So, our solution was to give the container explicit permissions to the current identity (this is similar to @Webmixer's answer, the only difference is in the CryptoKeyAccessRule):

CspParameters cspParams;
cspParams = new CspParameters(PROVIDER_RSA_FULL);
cspParams.KeyContainerName = CONTAINER_NAME;
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
cspParams.ProviderName = "Microsoft Strong Cryptographic Provider";

CryptoKeyAccessRule rule = new CryptoKeyAccessRule(System.Security.Principal.WindowsIdentity.GetCurrent(), CryptoKeyRights.FullControl, AccessControlType.Allow);

cspParams.CryptoKeySecurity = new CryptoKeySecurity();
cspParams.CryptoKeySecurity.SetAccessRule(rule);


来源:https://stackoverflow.com/questions/4763628/object-already-exists-in-rsacryptoserviceprovider

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!