mike55 Posted August 20, 2008 Posted August 20, 2008 I am using a windows 2000 server on which I am deploying a simple web application with some of the web.config elements encrypted. I have generated a machine level key container using the following: Aspnet_regiis �pc �CustomKeys� �exp I have exported the key to my server using: Aspnet_regiis �px �CustomKeys� �C:\temp\CustomKeys.xml� �pri and Aspnet_regiis �pi �CustomKeys� �C:\temp\CustomKeys.xml� I have granted access to the Custom Key Store to the ASPNET account using: Aspnet_regiis �pa �CustomKeys� �ASPNET� However, when I try to do the same for the "NT Authority\Network Service" account I am prevented from doing so. Apparently "NT Authority\Network Service" does not exist for Windows 2000 server. What should I be using instead? Mike55. Quote A Client refers to the person who incurs the development cost. A Customer refers to the person that pays to use the product. ------ My software never has bugs. It just develops random features. (Mosabama vbforums.com)
Nate Bross Posted August 20, 2008 Posted August 20, 2008 I think that "Network Service" should do it. I'm not sure that you need the "NT Authority" bit at the front. Quote ~Nate� ___________________________________________ Please use the [vb]/[cs] tags on posted code. Please post solutions you find somewhere else. Follow me on Twitter here.
mike55 Posted August 21, 2008 Author Posted August 21, 2008 Thanks for the reply Nate. "Network Service" is only available from Windows 2003 server onwards. I also tried to register the account using the aspnet_regiis -ga "Network Service" command but got back an error message telling me that the account does not exist. Mike55. Quote A Client refers to the person who incurs the development cost. A Customer refers to the person that pays to use the product. ------ My software never has bugs. It just develops random features. (Mosabama vbforums.com)
Administrators PlausiblyDamp Posted August 22, 2008 Administrators Posted August 22, 2008 What happens if you try to run the application? Are you getting any errors logged regarding the keystore? Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
mike55 Posted August 25, 2008 Author Posted August 25, 2008 Getting a Parser Error Message: Failed to decrypt using provider 'Rawhide'. Error message from the provider: The RSA key container could not be opened. Mike55. Quote A Client refers to the person who incurs the development cost. A Customer refers to the person that pays to use the product. ------ My software never has bugs. It just develops random features. (Mosabama vbforums.com)
Nate Bross Posted August 25, 2008 Posted August 25, 2008 Are you doing any impersonation in your Web.config file? Do you have annoynmouse access setup for your site? if so, does that have use a specific account (like domain\specialuser)? If so, you may need to aspreg those accounts as well. Quote ~Nate� ___________________________________________ Please use the [vb]/[cs] tags on posted code. Please post solutions you find somewhere else. Follow me on Twitter here.
mike55 Posted August 26, 2008 Author Posted August 26, 2008 Allowed both of those accounts. I believe that what I am trying to do is not allowed by windows 2000 server. Trying to get access to a 2003 server and I am going to repeat the same steps and see from there. Mike55. Quote A Client refers to the person who incurs the development cost. A Customer refers to the person that pays to use the product. ------ My software never has bugs. It just develops random features. (Mosabama vbforums.com)
mike55 Posted August 27, 2008 Author Posted August 27, 2008 Solved the problem, it would appear that I must register the name of the "CustomKey" rather than the Key name. Mike55. Quote A Client refers to the person who incurs the development cost. A Customer refers to the person that pays to use the product. ------ My software never has bugs. It just develops random features. (Mosabama vbforums.com)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.