5

I am using VS 2022 with dotnet core web api and below is my code in Program.cs for data protection.

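```csharp
using Microsoft.AspNetCore.DataProtection;

string appName = "My_WebAPI";
// Provider that uses the default, platform-dependent key storage for this application name
var dataProtectionProvider = DataProtectionProvider.Create(appName);
IDataProtector dataProtector = dataProtectionProvider.CreateProtector(ApplicationConstants.ENCRYPTION_KEY);
// Decrypt the connection string that is stored in protected form in configuration
string DbContext = dataProtector.Unprotect(builder.Configuration.GetConnectionString("DbContext"));
```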

This code works perfectly fine in IIS Express, but when I host it in IIS I get the error below.

```
Unhandled exception. System.Security.Cryptography.CryptographicException: The key {....} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.DataProtection.DataProtectionCommonExtensions.Unprotect(IDataProtector protector, String protectedData)
```

Please help me resolve this; I could not find any similar questions for DotNet Core 6. There were changes in "ConfigureServices" from DotNet Core 5 to 6. I managed to make it work for 6, but it worked only in DEBUG mode. After hosting in IIS, it did not work.

Also, one more thing I observed: when I moved the project to a new folder, previously encrypted data could not be decrypted. I am not sure why that is so. I forgot to capture the exception.

EDIT: Adding to the above, the data which was encrypted while running in IIS Express could not be decrypted while running in IIS. Has anyone faced the same issue? I freshly tried to encrypt and decrypt after hosting in IIS; it works, and no exception like "The key {....} was not found in the key ring" was found. But I might have to connect my code base and debug the data which was encrypted from the application hosted in IIS.

Thanks.

user1396423
https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings?view=aspnetcore-6.0 – shingo Jan 10 '22 at 07:05

3 Answers

2

I experienced a similar issue while transferring data across programmes. It functions locally, but .NET Core prevents retrieving the encrypted value when hosted on a server. It functions when I add the data protection file storage.

You can use file storage, database stores, Redis, and Azure storage depending on your needs (https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-7.0&tabs=visual-studio).

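```csharp
using Microsoft.AspNetCore.DataProtection;

builder.Services.AddDataProtection()
  // Every app or host that must read the same protected data uses the same name
  .SetApplicationName("App Name")
  // Keep the key ring in a fixed directory instead of the per-user default location
  .PersistKeysToFileSystem(new DirectoryInfo(@"C:\temp-keys\"))
  .ProtectKeysWithDpapi();
```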
Viki
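The error in the question and the effect of the persisted key ring in the answer above can be reproduced in a small console program. This is an added example, not code from any of the posts: the two temporary directories, the purpose string and the sample connection string are constructed, and it assumes the Microsoft.AspNetCore.DataProtection.Extensions package is referenced.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

// Constructed stand-ins: each directory plays the role of one host's key ring
// (for example IIS Express under the developer profile vs. the IIS app pool identity).
string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
var ringA = new DirectoryInfo(Path.Combine(root, "ring-a"));
var ringB = new DirectoryInfo(Path.Combine(root, "ring-b"));

const string AppName = "My_WebAPI";          // application name used in the question
const string Purpose = "ConnectionStrings";  // hypothetical purpose string

// Builds a brand-new provider each time, as a restarted or separately hosted app would.
IDataProtector NewProtector(DirectoryInfo ring) =>
    DataProtectionProvider
        .Create(ring, b => b.SetApplicationName(AppName))
        .CreateProtector(Purpose);

string secret = "Server=.;Database=Demo;Trusted_Connection=True;"; // constructed sample
string protectedValue = NewProtector(ringA).Protect(secret);

// Same key directory, application name and purpose: a fresh provider can decrypt.
string roundTrip = NewProtector(ringA).Unprotect(protectedValue);
Console.WriteLine($"Shared key ring decrypts: {roundTrip == secret}");

// Different key directory: the key id embedded in the payload is not in this ring,
// so Unprotect throws, which is the situation reported in the question.
try
{
    NewProtector(ringB).Unprotect(protectedValue);
    Console.WriteLine("Unexpected: a separate key ring decrypted the payload");
}
catch (CryptographicException ex)
{
    Console.WriteLine($"Separate key ring fails: {ex.Message}");
}

Directory.Delete(root, recursive: true); // remove the demo key rings
```

In a deployment the key directory would be a fixed path that only the application's identity can read, with the keys encrypted at rest.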
0

The following steps should fix that:

  1. In IIS Manager, Application Pool, Advanced Settings..., change Identity to Built-in account: NetworkService.
  2. In IIS Manager, Application Pool, Advanced Settings..., change Load User Profile to True.
  3. Restart the IIS Server.
0

I ran into this error when I changed the runtime of a project from .NET 6 to .NET 7 and deployed it to IIS.

The issue for me was client side. Clearing site data fixed the error. I suppose having the old cookies and/or local storage data from the .NET 6 app wasn't compatible with .NET 7.

Theo