Last post Feb 03, 2010 04:10 AM by jkirkerx
Aug 02, 2007 08:59 AM|gaurang_gr|LINK
We have web farm scenario and connection string is
encrypted using RSA.
It's working fine on server, but some time (1 case out of 20 cases) iIt shows error like:
"Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA key container could not be opened"
- Windows 2003 server (2 servers - web farm).
- .NET Framework 2.0.
- Connection string encrypted using RSA, I followed steps as given in
- XML file exported from one server and imported on another server.
- Given rights using aspnet_regiis -pa "CustomKeys" "NT Authority\Network Service"
on both the server.
any suggestion on this.
Aug 02, 2007 11:19 AM|Suprotim Agarwal|LINK
Aug 02, 2007 11:50 AM|gaurang_gr|LINK
Thanks for reply.
When I deployed my application at that time I had followed all the steps same as link suggested by you.
But problem is:
I am getting this error only some time (Rarely) mostly my application working fine. Suppose I get an error on any page and at the same time if I refresh that page the error gone and I got that page working fine [:)]. Suppose I have done
mistake in deployment, then it should not worked all the time. But it is working fine most the time.
Aug 02, 2007 11:57 AM|Suprotim Agarwal|LINK
Post your web.config file with the RSA configuration.
Aug 03, 2007 06:09 AM|gaurang_gr|LINK
As I can not post whole web.config, I am posting only connection string section. Please let me know if you need any other section of the web.config file.
description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=126.96.36.199, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
Aug 03, 2007 03:21 PM|Suprotim Agarwal|LINK
You config looks ok. Do one thing. Try adding the <clear/> tag after <providers>
Check and see if it works fine.
Aug 06, 2007 10:23 AM|gaurang_gr|LINK
Thanks for giving me reply.
I tried your suggestion (<clear />), but still facing the same problem.
Is there any security issue? I have given permission to only "NT Authority\Network Service" user. Is there any other user to whom need to give permission?
Aug 07, 2007 02:26 AM|Rex Lin - MSFT|LINK
Aug 07, 2007 04:48 AM|gaurang_gr|LINK
Hi Rex Lin
I have already followed all the steps for
web farm… Exported XML file from production server and
imported XML file on both the web server, given access rights to Network Services.
Feb 14, 2008 12:46 PM|micjohny|LINK
Excellento. Thank you
Rex Lin - MSFT
I have been trying to Learn WCF and have tried to create a simple WCF service using Enterprise Library Framework and consume it in a client application. Unfortunately i have been struggling with the same error - "Failed to decrypt using provider 'RsaProtectedConfigurationProvider'.
Error message from the provider: The RSA key container could not be opened" , when I run my client.
My workstation is a Windows 2003 Standard server. I tried various forums and even the aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET" . But no help. Today after reading your comment, i tried the following:
aspnet_regiis -pa "NetFrameworkConfigurationKey" "Network Service" and GUESS WHAT!!!!!!!!!!!!
It WORKED!!!!!!!!!!!!! PHEW!!!!!
Windows 2003 Server
Windows Server 2003
web service configuration
Jan 28, 2010 12:15 AM|neerajkgupta1|LINK
You have to give permission to CustomKeys also that you have created.
aspnet_regiis -pa "CustomKeys" "your domain account"
Encrypt / Decrypt Web.Config file
Feb 03, 2010 04:10 AM|jkirkerx|LINK
Change your code to issue a retry if the key fails, test and make sure the key is good before using it.
With web farms, load balancing, clusters, your code has to be really tight to work.
Looks like a code failure under a heavy load. You failed the stress test.