RSACryptoServiceProvider 中已存在对象
我将源代码从一个应用程序复制到另一个应用程序,两个应用程序都在同一台计算机上运行。我还在两个应用程序中使用相同的字符串作为下面的容器名称。
是什么阻止我的新应用程序读取其他应用程序中保存的密钥?所有其他条件都是相同的,登录用户帐户等。
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = containerName;
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
// Get error "object already exists" below.
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams);
I copied the source code from one application to another, both running on the same machine. I am also using the same string for containerName below in both applications.
What is preventing my new application from reading the key that was saved in the other application? All other things are equal, logged in user account etc.
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = containerName;
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
// Get error "object already exists" below.
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您是否尝试向每个人授予权限,例如“Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys”中的文件的权限,如下所述:
http://social.msdn.microsoft.com/Forums/en/netfxbcl/线程/f7b9f928-a794-47f2-a5bd-9f64ca375040
Did you try to grant permissions to Everyone, for example, for files in "Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys", as it described there:
http://social.msdn.microsoft.com/Forums/en/netfxbcl/thread/f7b9f928-a794-47f2-a5bd-9f64ca375040
另一个解决方案是通过代码设置每个人的访问权限:
Another solution is to set access to everyone by code :
我遇到这个问题是因为我的 WCF 服务没有访问密钥库的权限。我按照此处找到的向用户授予 ASPNET 读取访问权限的说明解决了该问题: http://msdn.microsoft.com/en-us/library/2w117ede.aspx#Y898
I ran into this problem because my WCF service did not have permission to access the keystore. I got past the problem by following the instructions to grant the user ASPNET read access that I found here: http://msdn.microsoft.com/en-us/library/2w117ede.aspx#Y898
我最近在一台服务器 (Windows 2008 R2) 上部署多个 IIS 站点时遇到了这个问题。我们的环境中每个站点都在不同的应用程序池上运行,但在某些情况下,可以为这些池分配相同的标识。
如果密钥不存在,我们的应用程序将创建一个密钥,并将其放置在一个容器中,该容器的名称基于当前身份。第一个部署的站点始终有效,但如果我们将另一个站点部署到具有相同身份的另一个应用程序池中,则第二个站点将会失败。
事实证明,当存储密钥时,Windows 会向用户“IIS APPPOOL\AppPoolName”授予完全访问权限,而不是我们分配给池的身份。
因此,我们的解决方案是向容器授予当前身份的显式权限(这与@Webmixer的答案类似,唯一的区别在于
CryptoKeyAccessRule):I recently ran into this issue with multiple deployed IIS sites on a single server (Windows 2008 R2). Our environment has each site running on different application pools, but in some cases, those pools can be assigned the same identity.
Our application creates a key if one does not exist, and places it in a container with a name based on the current identity. The first deployed site always worked, but if we deployed another site into another app pool with the same identity, the second would fail.
Turns out that when the key is stored, Windows gives full access to the user "IIS APPPOOL\AppPoolName", and not the identity that we have assigned to the pool.
So, our solution was to give the container explicit permissions to the current identity (this is similar to @Webmixer's answer, the only difference is in the
CryptoKeyAccessRule):