[ACCEPTED]-The RSA key container could not be opened" Error even after ACL Permission (for some users)-windows-server-2008
Following is an approach I tried which does 12 not involve Machine config.
Note: If the 11 destination is in Windows Sever 2008, the 10 encryption steps need to be executed in 9 a Windows Server 2008 itself.
Executed the 8 below codes in server A
Note:- Registering 7 key
cd C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis.exe -pc "MyProjectKeys" -exp
Note:- GRANTING ACCESS on SERVER A only
aspnet_regiis.exe -pa "MyProjectKeys" "IIS APPPOOL\testpsreloservices"
aspnet_regiis.exe -pa "MyProjectKeys" "NT AUTHORITY\NETWORK"
Exported 6 XML file containing RSA Key
aspnet_regiis.exe -px "MyProjectKeys" E:\wmapps\webroot\myservice\MyProjectKey.xml –pri
Added the following 5 in web.config
<configProtectedData>
<providers>
<clear/>
<remove name="RSAProtectedConfigurationProvider" />
<add name="RSAProtectedConfigurationProvider" keyContainerName="MyProjectKeys"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,

Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
 processorArchitecture=MSIL"
useMachineContainer="true" />
</providers>
</configProtectedData>
Encrypted
aspnet_regiis -pef "connectionStrings" "E:\wmapps\webroot\myservice" -prov "RsaProtectedConfigurationProvider"
Copied the encrypted 4 files in B Server. Copied the key xml file 3 into the B Server.
Created batch file with 2 the following commands and Executed (for 1 Key registration and granting access)
c:
cd C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis.exe -pi "MyProjectKeys" E:\wmapps\webroot\myservice\MyProjectKey.xml
aspnet_regiis.exe -pa "MyProjectKeys" "IIS APPPOOL\testpsreloservices"
aspnet_regiis.exe -pa "MyProjectKeys" "NT AUTHORITY\NETWORK"
If you have impersonation enabled, the RSA 6 key container will be accessed using the 5 identity of the user accessing the application---not 4 Network Service.
You'll either need to disable 3 impersonation, or add all the users that 2 can access the application to the ACL of 1 the key container.
In my case, I had made my connection strings 13 encrypted using ASPNET_REGIIS. I had one 12 last application I finally got around to 11 modifying to move from an older server to 10 this server where encryption key was used. There 9 was an older version of this application 8 deployed already but not used. When I deployed 7 (Published) the latest version to the server, I 6 used the Replace method instead of delete. I 5 came across this error, and stumbled here. None 4 of the solutions worked for me.
My Fix: so 3 I decided to clear the contents of the application 2 folder, and re-publish.
Doing so corrected 1 my issue.
More Related questions
We use cookies to improve the performance of the site. By staying on our site, you agree to the terms of use of cookies.