.net - RSACryptoServiceProvider CryptographicException System Cannot Find the File Specified under ASP.NET

Question

I have an application which is making use of the RSACryptoServiceProvider to decrypt some data using a known private key (stored in a variable).

When the IIS Application Pool is configured to use Network Service, everything runs fine.

However, when we configure the IIS Application Pool to run the code under a different Identity, we get the following:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters)
   at System.Security.Cryptography.RSA.FromXmlString(String xmlString)

The code is something like this:

byte[] input; 
byte[] output; 
string private_key_xml; 

var provider = new System.Cryptography.RSACryptoServiceProvider(this.m_key.Key_Size);
provider.FromXmlString(private_key_xml); // Fails Here when Application Pool Identity != Network Service

ouput = provider.Decrypt(input, false); // False = Use PKCS#1 v1.5 Padding

There are resources which attempt to answer it by stating that you should give the user read access to the machine key store - however there is no definitive answer to solve this issue.

Environment: IIS 6.0, Windows Server 2003 R2, .NET 3.5 SP1

Answer 1

I fixed this by setting "Load User Profile" to True (was False) in the Application Pool's Advanced Settings / Process Model section.

The application had been working perfectly on Server 2003 R2 / IIS 6 and the problem appeared as I was configuring it on our new 2008 R2 server.

Got the idea to try it at:

http://social.msdn.microsoft.com/forums/en-US/clr/thread/7ea48fd0-8d6b-43ed-b272-1a0249ae490f/

YMMV