We have several applications which use encrypted connection strings from with the machine.config on the server.
Now we are starting to experiment with RemoteApps, but are getting the error:
Whenever a non-Adminstrator user attempts to connect to the app.
How do I get a normal domain user to be able to access the encrypted connection strings in the server's machine.config via a RemoteApp?
I eventually was able to find that I needed to allow the user access to the RSAProviderName in order to decrypt the connectionStrings block. The answer came from this Microsoft Blog
“Failed to decrypt using provider ‘RsaProtectedConfigurationProvider’. Error message from the provider: The RSA key container could not be openedFortunately the ASPNet_regiis tool gives us the option to add users to the ACL of the key containers using the –pa parameter.
For example to give access to the ASPNET user
aspnet_regiis -pa “<key container name>” “ASPNET”
The <key container name> can be found in the machine.config under the <configProtectedData> under the property keyContainerName