I have encrypted two sections of a web.config file, one called connectionStrings and the other userAccounts, using the same provider.

In my code, the connectionStrings section is decrypted just fine without any problem, but when it comes to decrypting the second section, called userAccounts, I get an error.

Here is the exact error message:

Failed to decrypt using provider 'AqueductDevProvider'. Error message from the provider: The RSA key container could not be opened.

Your help will be much appreciated.

Thanks

Here is the code in the web.config file:

<configProtectedData>
    <providers>
        <add name="AqueductDevProvider"
             type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,&#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,&#xD;&#xA;processorArchitecture=MSIL"
             keyContainerName="AqueductDevKeys"
             useMachineContainer="true" />
    </providers>
</configProtectedData>

<connectionStrings configProtectionProvider="AqueductDevProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>Rsa Key</KeyName>
                </KeyInfo>
                <CipherData>
                <CipherValue></CipherValue>
                </CipherData>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
                <CipherValue></CipherValue>
        </CipherData>
    </EncryptedData>
</connectionStrings>
<userAccounts configProtectionProvider="AqueductDevProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>Rsa Key</KeyName>
                </KeyInfo>
                <CipherData>
                <CipherValue></CipherValue>
                </CipherData>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
                <CipherValue></CipherValue>
        </CipherData>
    </EncryptedData>
</userAccounts>

This is how I am trying to access information from the userAccounts section:

System.Configuration.ConfigurationManager.AppSettings["AdminName"];

There is a key in userAccounts called AdminName, which is encrypted.

kdnerd
  • Show us the code and show us what you have tried. Currently you can only hope that somebody was in the same spot and had the same error message (did you try loading the key container once instead of twice - just an educated guess?) – Maarten Bodewes Aug 25 '13 at 10:49
  • I have added code to the question. I am loading the key container once, but I am using it to decrypt two sections, connectionStrings and userAccounts. I receive an error when I am trying to access the userAccounts section. I am very new to RSA encryption. Please let me know if I can provide more information. – kdnerd Aug 26 '13 at 18:25

1 Answer

I was able to figure this out. Apparently, when the code was trying to retrieve the custom section, it was running under the wrong user account (which was different when it tried to retrieve connectionStrings). I used the following code to find out which user account my code was running under when trying to access the custom encrypted section.

<% Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);%>

The result was NT AUTHORITY\IUSR.

After this, all I had to do was run the following command under this directory:

c:\Windows\Microsoft.NET\Framework\v4.0.30319>

aspnet_regiis.exe -pa "AqueductDevKeys" "NT AUTHORITY\IUSR"
jdhurst
kdnerd
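
As an added example (not part of the original answer or the asker's project): a C# diagnostic, assuming .NET Framework on Windows, that reports the identity the code runs as, whether that identity can open the existing machine-level container named in the provider configuration, and which accounts the container's access rules currently cover. `KeyContainerCheck` and `Describe` are hypothetical names.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;

// Hypothetical helper (not from the original post).
public static class KeyContainerCheck
{
    public static string Describe(string containerName)
    {
        // Same check the answer used: the identity this code path runs as.
        string who = WindowsIdentity.GetCurrent().Name;
        var csp = new CspParameters
        {
            KeyContainerName = containerName,
            // Machine store matches useMachineContainer="true" in the provider entry.
            // UseExistingKey prevents a new, empty container from being created silently.
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        try
        {
            using (var rsa = new RSACryptoServiceProvider(csp))
            {
                CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                string report = who + " can open '" + containerName
                    + "' (key file: " + info.UniqueKeyContainerName + ")\n";
                // List the access rules to spot a missing or overly broad grant.
                // SIDs are printed so unresolvable accounts do not raise an error.
                foreach (CryptoKeyAccessRule rule in info.CryptoKeySecurity
                    .GetAccessRules(true, true, typeof(SecurityIdentifier)))
                {
                    report += "  " + rule.IdentityReference.Value + ": "
                        + rule.AccessControlType + " " + rule.CryptoKeyRights + "\n";
                }
                return report;
            }
        }
        catch (CryptographicException ex)
        {
            // Raised when the container is missing or this identity lacks access to it.
            return who + " cannot open '" + containerName + "': " + ex.Message;
        }
    }

    public static void Main()
    {
        Console.WriteLine(Describe("AqueductDevKeys"));
    }
}
```

Call `Describe` from the same page or code path that reads the encrypted section, since the answer found that the running identity differed between the two reads.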