No access to RSA Key container

6 October 2007

I was going to encrypt the connection strings in some web.config files on a production server. I followed the instructions in the MSDN Library 'Walkthrough: Encrypting Configuration Information Using Protected Configuration'

However when I ran

aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"

I got the following error:

Adding ACL for access to the RSA Key container...
Could not access the RSA key container. Make sure that the ACLs on the container
allow you to access it.

I was running the command under an administrator account, so I expected to have all the access in the world. I used Process Monitor to find out where the problem was: The file

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ d6d986f09a1ee04e24c949879fdb506c_34b3925e-0f96-4fb7-a312-e89b0b98f24a

Seems to have the RSA key and the ACLs of it allowed full access to SYSTEM and one other user that isn’t an administrative account. I added permissions for the Administrators group and now the command worked fine.

Pages in this section


ASP.Net | Community | Development | IIS | IT Pro | Security | SQL (Server) | Tools | Web | Work on the road | Windows