由网友(一夕意相左)分享简介：我有正在使用的RSACryptoServiceProvider来使用已知的专用密钥（存储在一个变量）的一些数据进行解密的应用程序。 I have an application which is making use of the RSACryptoServiceProvider to decrypt some dat...

我有正在使用的RSACryptoServiceProvider来使用已知的专用密钥（存储在一个变量）的一些数据进行解密的应用程序。

I have an application which is making use of the RSACryptoServiceProvider to decrypt some data using a known private key (stored in a variable).

在IIS应用程序池配置为使用网络服务，一切都正常运行。

When the IIS Application Pool is configured to use Network Service, everything runs fine.

然而，当我们配置IIS应用程序池，以根据不同的身份运行code，我们得到如下：

However, when we configure the IIS Application Pool to run the code under a different Identity, we get the following:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters)
   at System.Security.Cryptography.RSA.FromXmlString(String xmlString)

在code是这样的：

The code is something like this:

byte[] input; 
byte[] output; 
string private_key_xml; 

var provider = new System.Cryptography.RSACryptoServiceProvider(this.m_key.Key_Size);
provider.FromXmlString(private_key_xml); // Fails Here when Application Pool Identity != Network Service

ouput = provider.Decrypt(input, false); // False = Use PKCS#1 v1.5 Padding

有它试图通过阐明，你应该给用户读取访问本机密钥存储区来回答它的资源 - 但有没有明确的答案来解决这个问题。

There are resources which attempt to answer it by stating that you should give the user read access to the machine key store - however there is no definitive answer to solve this issue.

环境：IIS 6.0和Windows Server 2003 R2，.NET 3.5 SP1

Environment: IIS 6.0, Windows Server 2003 R2, .NET 3.5 SP1

推荐答案

事实上，你需要工作一个code这样

Indeed you need to work a code like this

CspParameters _cpsParameter;
RSACryptoServiceProvider RSAProvider;

_cpsParameter = new CspParameters();
_cpsParameter.Flags = CspProviderFlags.UseMachineKeyStore;

RSAProvider = new RSACryptoServiceProvider(1024, _cpsParameter);

下面的用户需要访问的文件夹：C： Documents和Settings 所有用户应用数据微软加密 RSA MachineKeys的

The following users need access to the folder: C:Documents and SettingsAll UsersApplication dataMicrosoftCryptoRSAMachineKeys

在IIS用户帐户（anonymmous） 您使用假冒您的应用程序在web.config中设置的用户帐户。

所以，现在，它正在对我罚款。

So now it is working fine for me.