none
System.Security.Cryptography.CryptographicException: The system cannot find the file specified

    Question

  •  

    Hi,

     

    When i tried to use a third party web service  using IIS  , i am getting the following Error


    Exception Details: System.Security.Cryptography.CryptographicException: The system cannot find the file specified.


    [CryptographicException: The system cannot find the file specified.
    ]
       System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +1459868
       System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +55
       System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +79
       System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean includePrivateParameters) +38
       System.Security.Cryptography.RSA.ToXmlString(Boolean includePrivateParameters) +41
       Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.a() +158
       Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.RequestLogin(String reasonMessage) +200
       Globeranger.EdgeServices.Security.Runtime.Client.ClientSession.GetNewSecureSessionToken(Boolean attemptLogin) +148
       Globeranger.EdgeServices.Security.Runtime.Client.SecureInvoker.Invoke(ClientSession session, WebServicesClientProtocol service, String methodName, Boolean attemptLoginIfNeeded, Object[] args) +90
       Globeranger.EdgeServices.Security.Runtime.Client.SecureInvoker.Invoke(ClientSession session, WebServicesClientProtocol service, String methodName, Object[] args) +15
       Globeranger.EdgeServices.Ale.Runtime.Client.AleServerProxy.SendCommandEvent(String target, CommandEvent commandEvent) +216
       MidWareGlobeRanger.CommandEventSender.SendCommandEvent(String groupName, CommandEvent commandEvent) +40
       MidWareGlobeRanger.CommandEventSender.SendSuspendEvent(String groupName) +63
       RSC_Home.Page_Load(Object sender, EventArgs e) in c:\RSC_RFID_GUI\RSC_Home.aspx.cs:118
       System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
       System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +34
       System.Web.UI.Control.OnLoad(EventArgs e) +99
       System.Web.UI.Control.LoadRecursive() +47
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1061


    Any solution for this?

     

    Regards
    Abraham

    Monday, June 25, 2007 9:35 AM

Answers

All replies

  • according to the documentation you would get this if "The key cannot be exported":

    http://msdn2.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.exportparameters.aspx

     

    hopefully this helps, if not please send more details on what "Globeranger.EdgeServices.Security.Runtime.Client" is doing.

    Monday, June 25, 2007 6:59 PM
  • Hi  ranamauro,

     

     

    The problem occured due to some user priveledge issues in IIS , So i reconfigured IIS  and got it resolved .

     

    Globeranger.EdgeServices.Security.Runtime.Client is  third party component   that we are using to  access the web Methods .

     

    Cheers

    Abraham

     

    Tuesday, June 26, 2007 5:21 AM
  • You wouldn't be able to elaborate on those IIS privilege settings?  I've a feeling that I'm running into a similar problem with IIS 7.0.

    DL

    Thursday, July 05, 2007 8:54 AM
  • Hi, i ve got exactely the same exeption when i try my web site on my server. :

    CryptographicException: The system cannot find the file specified.
    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters) at System.Security.Cryptography.RSA.FromXmlString(String xmlString) at Registration.EncryptAndSign(String strOriginalMessage, String KeySender, String KeyReciever) in c:\Inetpub\vhosts\uplay-istrip.com\httpdocs\upis\Registration.aspx.cs:line 175

    When i try it on my PC with Visual Web Developer, it works fine...

    So can u please tell me what did u change in your iss configuration?
    It would be really helpful.
    Thanx
    Laura.
    Friday, July 06, 2007 6:45 PM
  • How I worked around the problem:

    Under IIS 5.x/6.0, simply give the user running the ASP.NET process access to the machinekey store, or change to an interactive user.  I.e. one with Document and Settings folder with their desktop.

    Under IIS 7.0, first, don't run using ASP.NET impersonation.  I.e. disable impersonation.  Second, follow suggestion for 5.x/6.0.
    Monday, July 09, 2007 12:12 PM
  • hi

    thanx for your answer.

    in fact, I ve found another solution. I don t really understand how, but it perfectly works :

    instead of writing :

    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

    i wrote :

    CspParameters CSPParam = new CspParameters();

    CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;

    RSACryptoServiceProvider rsa;

    if (System.Web.HttpContext.Current == null) // WinForm

    rsa = new RSACryptoServiceProvider();

    else // WebForm - Uses Machine store for keys

    rsa = new RSACryptoServiceProvider(CSPParam);

     

    Hope it can help.

     

    • Proposed as answer by nobot Friday, August 15, 2008 12:20 AM
    Monday, July 09, 2007 12:19 PM
  • Hello,
        In case you are working with the IIS 7, the solution for me was to change application pool's settings to load its identity profile. The command that does this is as follows:

    appcmd set apppool "AppPoolName" -processModel.loadUserProfile:true 

        I had a problem with gaining access to certificate's private key under the account of the application pool in the context of a web service execution. The certificate was to be acquired from application pool's user personal certificate store.

    Greetings,
    Cezary
    • Proposed as answer by chanmat Monday, November 10, 2008 5:13 AM
    Tuesday, July 01, 2008 1:28 AM
  • Hi,

    Thanks for LauraB's post.  However when I followed her posted answer it was not working for me when using DSACryptoServiceProvider.  I got this exception:

    Exception information:
    Exception type: CryptographicException
    Exception message: Bad Version of provider.

    As a test, I tried specifying the KeyContainerName but another exception occurs: 

    Exception information:
    Exception type: CryptographicException
    Exception message: The specified cryptographic service provider (CSP) does not support this key algorithm.

    Finally I specified the provider type code and it all works.  Complete Code is:

    // Cryptograpy parameters
    // Specify 13 for DSA procider type
    CspParameters CSPParam = new CspParameters(13, null, null);
    CSPParam.Flags =
    CspProviderFlags.UseMachineKeyStore;
    CSPParam.KeyContainerName = "Your Container Name";
    DSACryptoServiceProvider DSA;
    if (HttpContext.Current == null) // WinForm
    {
        DSA =
    new DSACryptoServiceProvider();
    }
    else // WebForm - Uses Machine store for keys
    {
        DSA =
    new DSACryptoServiceProvider(CSPParam);
    }

    Not sure why Microsoft don't have any info. on this, it took me some time to figure it all out.

    Hope this help.

    Monday, November 10, 2008 5:30 AM
  • CezaryK said:

    Hello,
        In case you are working with the IIS 7, the solution for me was to change application pool's settings to load its identity profile. The command that does this is as follows:

    appcmd set apppool "AppPoolName" -processModel.loadUserProfile:true 

        I had a problem with gaining access to certificate's private key under the account of the application pool in the context of a web service execution. The certificate was to be acquired from application pool's user personal certificate store.

    Greetings,
    Cezary



    I just ran into this problem, and CezaryK's suggestion solved it for me.
    Wednesday, March 18, 2009 2:57 PM
  • My solution:
    change Application Pool to "Classic .NET AppPool" in IIS settings
    Thursday, October 15, 2009 8:51 AM
  • For those running into this issue on a Windows Web Server 2008 R2 website.. steps to follow:

    Open Internet Information Services Manager (IIS 7)

    Open Application Pools

    Select relevant Appool

    Change Managed pipeline mode to 'Classic'

    Open Advanced Settings of the apppool and change the Identity to NetworkService

    Recycle the apppool and hopefully that should sort it..

    Wednesday, October 20, 2010 8:18 AM
  • We are seeing the same exception occur on one of two web servers setup as a small web farm with ISA Server in front.

    We didn't see this issue until recently when the farm was moved to a new (remote) domain. Before that, things were running fine for 2+ years.

    I can reproduce the issue in my dev environment, by deleting the Application Pool user profile for the web site, and

    can correct it by re-creating the user profile. (Decryption requires access within the User Profile to do it's work?)

    We cannot determine why one machine works fine and the other doesn't. The bad machine has been rebuilt.  This is in a test region. We also have the same setup going in production, which is working perfectly.

    This is an intermittent issue. After we rebuild the bad machine, the decryption works for a while, then fails. It's almost like the user profile is disappearing. We've done some compares between the two machines but cannot see any significant difference. They are manually setup.

    We've exhausted our diagnostics. My opinion is that it is a configuration or environmental issue. Our code base hasn't changed in 2+ years.

    Any suggestions?

    Wednesday, December 01, 2010 1:40 PM
  • Hello epaetz41,
    I wonder if you have solved your problem? If you have, what did you do to solve it?

    It seems like we are having the same problem with the same set-up. We have two web servers (win 2008 r2 and IIS 7.0) and an ISA server in front. One web server is working fine but the other one is giving this error all the time.
    System.ServiceModel.Security.MessageSecurityException: Message security verification failed.
    System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

     

    any suggestions


    Regards, Joacim
    Monday, July 11, 2011 11:20 AM
  • It's not necessary to run this command line. Just go to advanced settings of application pool and switch boolean from false to true.
    Tuesday, April 17, 2012 10:41 AM
  • We were running into a similar situation that a third party setup requirements said .net 3.5 SP1 was required.  Since our server was all up to date, we chose .net 2.0 (since 3.5 is an extension of 2.0).  We couldn't figure out why we were getting this error.  Then on an off chance, we switched to .net 4.0 and everything started working.  What I believe is happening is the 3.5 SP 1 version of .NET isn't being use by IIS.  Our next step is to re-register our .net versions in IIS and see if we can then use the 2.0 option.
    Tuesday, December 11, 2012 12:34 AM