I get the following error when trying to access a web service using (for temporary reasons) an encrypted record system.web/identity:
Unable to decrypt using the DataProtectionConfigurationProvider provider. Vendor error message: RSA key container could not be opened.
I followed the steps found in the comments http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx and these are the steps I took:
- Added "xmlns =" http://schemas.microsoft.com/.NetConfiguration/v2.0 "" to the configuration attribute in the web.config web service
- Create a container using
aspnet_regiis -pc "DataProtectionConfigurationProviderKeys" -exp - The following has been added to web.config:
<configProtectedData>
<providers>
<clear />
<add name="DataProtectionConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,processorArchitecture=MSIL"
keyContainerName="DataProtectionConfigurationProviderKeys"
useMachineContainer="true" />
</providers>
</configProtectedData> - Granted access to the container for the IIS account key is running under:
aspnet_regiis -pa "DataProtectionConfigurationProviderKeys" "eca\iusr_xxxxx". I also granted access to an impersonated account (for example, one in the identification attribute) using the same command. - Then I encrypted the system.web / identity file:
aspnet_regiis -pef "system.web/identity" "C:\ddrive\EcaDevelopment\EcaApplicationsNet2\Projects\TASV2\Mainline\src\TASV2.WordToPdf.WebSvc" -prov "DataProtectionConfigurationProvider"
But when I try to run the test feed against the web service, I get:
Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.
What did I miss? Can I actually only encrypt the authentication tag? I can encrypt and use connectionStrings without problems ...
source
share