I would like to know how to create an ephemeral RSA key container. That about sums it up, but if you would like more details, read on.

What I have here is a key pair securely persisted in a SQL Server database because it needs to be shared among servers in a web farm. I've created an HttpHandler that performs some secure communications and simply loads the keys from the database into an instance of RSACryptoServiceProvider. I don't need any container persisted on the server, I just need an ephemeral container for the key pair so I can decrypt session keys. Right now, I'm specifying a container name (because, AFAICT, it's required) and PersistKeyInCsp = false.

This has been working fine for several weeks now, but today I get the dreaded "CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired." error. This tells me I'm denied access for some reason. It was working fine last night (I swear it!) and this morning, this. I've stripped the code out into a test harness and it still happens, so it's not an IUSR/IWAM/ASPNET user problem. I'm running as an administrator, so how can I possibly be denied access today to a container I was just using yesterday? Why in the world is it being persisted, anyway? How do I get the system to leave me alone so that I don't have to worry about security I don't need?!?

One more thing. I don't see the container file in the MachineKeys folder, so I'm either not allowed even to see it, or it's not there and something else is causing the problem. My guess is the former, in which case, I probably have a forever-orphaned file out there somewhere (I could take ownership, but I don't know the ridiculously cryptic filename of the container). That's really no big deal, but it is terribly annoying to be denied access to something over which I'm supposed to be an administrator.

Thanks for reading,

--
Steve Johnson
3t Systems
