Exception Details: System.Security.Cryptography.CryptographicException: Access is denied.
Source Error:
Line 24: RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
Line 25: Response.Write("<textarea style=\"width:100%;height:500\">");
Line 26: Response.Write(csp.ToXmlString(true));
Line 27: Response.Write("</textarea>");
Line 28: Response.Write("OK!");
You are dealing with a Trust Error. There is nothing wrong with the code. I am willing to bet you are running off a shared server from a Hosting Company. The problem is the RSACryptoServiceProvider method ToXmlString requires the permission
which demands Full Trust if you want to export the private Parameters. Basically, your server is not giving you permission to export the Private Parameters because that will expose the private parameters of the entire machine, which could compromise the security.
So the hosting company disabled it in the machine.config file by setting the trust level below Full, probably to Medium and disabled overriding it with the web.config file. If the server were running at full trust, it would work perfectly. However, this code
will execute on a Medium trust server:
However, if you have full control over the server and you aren't working a shared environment, it is a matter of setting the <trust /> element in the machine.config file or the web.config file (if it is overridable). If you are in a shared environment with
a 3rd party hosting company, then for the lack of a better word, you are SOL. Sorry I couldn't "fix" your problem.
Unfortunately, FromXmlString requires the same permissions. Maybe there is something better than the RSACryptoServiceProvider that we can use. What are you trying to do? Perhaps there is something better that can be used.
In case you are wondering why it blocks this as well, it is because if you import a private key, it would have to persist it in the Server's Key Container.
Description:
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.KeyContainerPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Unfortunately, FromXmlString requires the same permissions. Maybe there is something better than the RSACryptoServiceProvider that we can use. What are you trying to do? Perhaps there is something better that can be used.
I am trying to use SignedXml to create Signature.
SignedXml sXml = new SignedXml(this._doc);
sXml.SigningKey = csp;
here SigningKey need a RSACryptoServiceProvider object.
Meaning that they have disabled you from using that configuration element. And rightfully so, a hosting company would never let anyone override their security policy. There is no
work around. You cannot use the ExportParameters or ImportParameters either. In fact, I beleive you are not allowed you use anything that uses a Key Container and functionality with the private key. I believe you are going to have to come up with an alternative.
I modify Web.Config to add <trust level="Full" /> to it.
There is also this exception: CryptographicException: Access is denied.
That is to say:
Use <trust level="Full" /> and don't use this setting,
there is the same exception. So I think perhaps that this setting is not the reason for the exception.
For my local machine, setting <trust level="Full"
/> is exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config. Not in machine.config. Right?
chequan
Member
220 Points
49 Posts
CryptographicException: Access is denied.
Apr 21, 2006 12:55 AM|LINK
Exception Details: System.Security.Cryptography.CryptographicException: Access is denied.
Source Error:
Line 24: RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
Line 25: Response.Write("<textarea style=\"width:100%;height:500\">");
Line 26: Response.Write(csp.ToXmlString(true));
Line 27: Response.Write("</textarea>");
Line 28: Response.Write("OK!");
Source File: d:\webhosting\wwwroot\Default.aspx.cs Line: 26
Stack Trace:
[CryptographicException: Access is denied.
]
System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +1459516
System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +55
System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +79
System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean includePrivateParameters) +38
System.Security.Cryptography.RSA.ToXmlString(Boolean includePrivateParameters) +41
_Default.Page_Load(Object sender, EventArgs e) in d:\webhosting\clients\chequan\wwwroot\Default.aspx.cs:26
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +34
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1061
vcsjones
All-Star
34842 Points
4424 Posts
Moderator
MVP
Re: CryptographicException: Access is denied.
Apr 21, 2006 08:30 PM|LINK
RSACryptoServiceProvider csp = new RSACryptoServiceProvider(); Response.Write("<TEXTAREA style="HEIGHT: 500px; "width: 100%">"); Response.Write(csp.ToXmlString(false)); Response.Write("</TEXTAREA>");However, if you have full control over the server and you aren't working a shared environment, it is a matter of setting the <trust /> element in the machine.config file or the web.config file (if it is overridable). If you are in a shared environment with a 3rd party hosting company, then for the lack of a better word, you are SOL. Sorry I couldn't "fix" your problem.chequan
Member
220 Points
49 Posts
Re: CryptographicException: Access is denied.
Apr 22, 2006 12:38 AM|LINK
Thanks very much!
I am in a shared environment with a 3rd party hosting company. But bellow codes is also this exception:
RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
csp.FromXmlString(strKeyPairs); // strKeyPairs is my private and public key pairs
There is the same exception for above codes. This codes don't need export the Private Parameters.
Now, how can I resolve this exception for above codes(only FromXmlString, not ToXmlString)? Thanks very much!
vcsjones
All-Star
34842 Points
4424 Posts
Moderator
MVP
Re: CryptographicException: Access is denied.
Apr 22, 2006 01:01 AM|LINK
vcsjones
All-Star
34842 Points
4424 Posts
Moderator
MVP
Re: CryptographicException: Access is denied.
Apr 22, 2006 01:05 AM|LINK
chequan
Member
220 Points
49 Posts
Re: CryptographicException: Access is denied.
Apr 22, 2006 01:14 AM|LINK
Now I modify Web.Config, add above item to it:
<trust level="High" />
And now there is a new exception:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.KeyContainerPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
chequan
Member
220 Points
49 Posts
Re: CryptographicException: Access is denied.
Apr 22, 2006 01:23 AM|LINK
Thank you very much!
I am trying to use SignedXml to create Signature.
SignedXml sXml = new SignedXml(this._doc);
sXml.SigningKey = csp;
here SigningKey need a RSACryptoServiceProvider object.
Have you some ideas for this? Thanks very much!
vcsjones
All-Star
34842 Points
4424 Posts
Moderator
MVP
Re: CryptographicException: Access is denied.
Apr 22, 2006 01:29 AM|LINK
vcsjones
All-Star
34842 Points
4424 Posts
Moderator
MVP
Re: CryptographicException: Access is denied.
Apr 22, 2006 01:42 AM|LINK
OK, here is question number one: Are you sure you need to specify your own private key? Why not use the server's private key?
chequan
Member
220 Points
49 Posts
Re: CryptographicException: Access is denied.
Apr 22, 2006 01:47 AM|LINK
I modify Web.Config to add <trust level="Full" /> to it.
There is also this exception: CryptographicException: Access is denied.
That is to say:
Use <trust level="Full" /> and don't use this setting, there is the same exception. So I think perhaps that this setting is not the reason for the exception.
For my local machine, setting <trust level="Full" /> is exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config. Not in machine.config. Right?