Posted: 6/20/2011
Hi.
When I try to execute the code below I get an error 'Internal error occurred.'
certificate = new X509Certificate2( p12FileBytes, p12FilePassword );
and when I changed it to
certificate = new X509Certificate2( p12FileBytes, p12FilePassword, X509KeyStorageFlags.MachineKeySet );
I got another error 'Access Denied.'
How can I fix it?
In advance THANKS FOR HELP!
Regards,
Stepan.
Hi Stephan,
A possible solution to this problem is to use another constructor that takes an X509KeyStorageFlags value as a parameter:
X509Certificate2 cert = new X509Certificate2(certBytes, string.Empty, X509KeyStorageFlags.MachineKeySet);
This might solve the issue both for when running under the Network Service account as well as running under a user account with restricted access.
Best Regards,
Gjorgji Dimitrov
Hi Gjorgji Dimitrov.
When I use X509KeyStorageFlags.MachineKeySet I get an error "Access denied".
Hi Stepan,
This is a security permission issue.
The problem is: the user ASPNET needs change rights on the folder
D:\Document and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys
Actually, the problem is due to the different process/security model of Cassini (the VS 2005 test server) or an IIS-based ASP.NET web application.
For IIS-hosted ASP.NET applications, the worker process runs under the ASP.NET worker process account. The default one is machine\ASPNET (for IIS5) or NetworkService (for IIS6). These service accounts are normally not powerful.
When using the VS 2005 test server (Cassini), it is actually a .NET WinForms application, so the ASP.NET application hosted in the test server runs under the current logon user account, which is always a powerful user account, so you will be bypassing many security issues under this condition.
I solved the problem by modifying ApplicationPool->identity to LocalService.
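A diagnostic for the situation discussed in this thread, added here as an example and not code from any of the posters: it prints the identity the process runs as, lists the ACL entries on the machine key folder that apply to that identity, and tries the two constructor calls from the thread. The class and method names are hypothetical; it assumes .NET Framework on Windows and the path to the .p12 file as the first argument.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Hypothetical diagnostic class (an added example, not from the thread).
static class PfxLoadDiagnostics
{
    // Attempt the load with the given flags and report the outcome instead of throwing.
    static void TryLoad(byte[] pfx, string password, X509KeyStorageFlags flags)
    {
        try
        {
            var cert = new X509Certificate2(pfx, password, flags);
            Console.WriteLine("{0}: OK, HasPrivateKey={1}", flags, cert.HasPrivateKey);
            cert.Reset(); // release the certificate and its key handle
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("{0}: FAILED, {1}", flags, ex.Message);
        }
    }

    // Print the ACEs on the machine key folder that name the current user or one of its groups.
    static void ShowMachineKeyAccess(WindowsIdentity id)
    {
        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            @"Microsoft\Crypto\RSA\MachineKeys");
        try
        {
            var rules = new DirectoryInfo(dir).GetAccessControl()
                .GetAccessRules(true, true, typeof(SecurityIdentifier));
            foreach (FileSystemAccessRule r in rules)
                if (r.IdentityReference.Equals(id.User) || id.Groups.Contains(r.IdentityReference))
                    Console.WriteLine("  {0} {1}: {2}", r.AccessControlType, r.IdentityReference, r.FileSystemRights);
        }
        catch (UnauthorizedAccessException ex)
        {
            Console.WriteLine("  cannot read ACL on {0}: {1}", dir, ex.Message);
        }
    }

    static void Main(string[] args)
    {
        byte[] pfx = File.ReadAllBytes(args[0]); // path to the .p12 file
        string password = args.Length > 1 ? args[1] : string.Empty;
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        Console.WriteLine("Running as {0}", id.Name);
        ShowMachineKeyAccess(id);
        TryLoad(pfx, password, X509KeyStorageFlags.DefaultKeySet);
        TryLoad(pfx, password, X509KeyStorageFlags.MachineKeySet);
    }
}
```

Run from a console, this reports the logged-on user's rights; to see what the worker process sees, the same calls have to execute under the application pool identity.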