views:

309

answers:

1

Hi,

I've been developing an ASP.NET site on an older machine running XP home. I recently got a new Win 7 PC and moved all my project files across. When I try and run the project, I get this error message:

"Failed to decrypt using provider 'MyRsaProtectedConfigurationProvider'. Error message from the provider: The RSA key container could not be opened."

I realised that I encrypted parts of my web.config file using a RSA encryption. This is where the problem now lies. I'm not sure how to get that key working again so that I can use it on my new machine. I exported the key from the older machine and imported it using:

aspnet_regiis -pi "RSAProviderName" "C:\RSA_configkey.xml"

This was imported successfully. I then ran the project, but the same error message came up. I figured it might be a permission thing, so I ran:

aspnet_regiis -pa "RSAProviderName" "\Desktop" -full

This was also successful, but I still get the error. From reading around, I've seen people use "ASPNET" instead of "\Desktop" (Desktop is my machine name). However, when I try and use "ASPNET", I get:

No mapping between account name and security IDs was done. <Exception from HRESULT = 0x80070534

I can't work on the project until this is fixed, so any help is much appreciated. Thanks!

+2  A: 

If you still have access to the older machine, you could always decrypt the configuration section on that machine, then copy the unencrypted config file to the new machine (and, if necessary, re-encrypt the file on the old machine).

On Windows 7, the account under which your IIS application pools run by default will likely be ApplicationPoolIdentity (as opposed to ASPNET). To grant permissions, try this:

aspnet_regiis -pa RSAProviderName "IIS APPPOOL\DefaultAppPool" -full

By the way, if you do decide to persevere with copying the key from the old machine to the new one, you should make sure that, when exporting, you export the private key data too:

aspnet_regiis -px RSAProviderName C:\RSA_configkey.xml -pri

And, optionally, to make the key data exportable during the import:

aspnet_regiis -pi RSAProviderName C:\RSA_configkey.xml -exp
Dave Cluderay
Thanks for the help. I should have access to the older machine within the next hour, so will try this method. On a side note, what's the best way to reset the permissions I've granted (such as to `\desktop`)? Not too important since I'm the only user of the machine, but might be better.
keyboardP
Thanks, that's fixed the problem!
keyboardP
You're welcome. To revoke permissions, you can use aspnet_regiis again with the `-pr` switch. Alternatively, find the file under `C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys` and change the premissions through Windows.
Dave Cluderay
Thanks again Dave, great help :)
keyboardP