Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / September 2006

Tip: Looking for answers? Try searching our database.

RSACryptoServiceProvider

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
SvenAke@gmail.com - 07 Sep 2006 00:02 GMT
I'm trying this out usig ASP 2.0.
The public key part works ok but the private key request fails.

       CspParameters cspParams = new CspParameters();
       cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
       RSACryptoServiceProvider rsa = new
RSACryptoServiceProvider(cspParams);
       rsa.PersistKeyInCsp = false;
       string publickey = rsa.ToXmlString(false);
       string privatekey = rsa.ToXmlString(true);

[SecurityException: Request for the permission of type
'System.Security.Permissions.KeyContainerPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.]
  System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet) +0
  System.Security.CodeAccessPermission.Demand() +59

System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean
includePrivateParameters) +120
  System.Security.Cryptography.RSA.ToXmlString(Boolean
includePrivateParameters) +41
  _Default.Button2_Click(Object sender, EventArgs e) +112
  System.EventHandler.Invoke(Object sender, EventArgs e) +0
  System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
  System.Web.UI.WebControls.Button.RaisePostBackEvent(String
eventArgument) +107

System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +7
  System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +11
  System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
+33
  System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
+6953
  System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
+154
  System.Web.UI.Page.ProcessRequest() +86
  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
+18
  System.Web.UI.Page.ProcessRequest(HttpContext context) +49
  ASP.license_aspx.ProcessRequest(HttpContext context) in
App_Web_4boqwxxn.0.cs:0

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+154
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +64


Any leads?
Reply to this Message
Joseph Bittman MVP MCSD - 13 Sep 2006 22:07 GMT
Sept. 13, 2006

That error message probably means your code doesn't have the Code Access
Security permissions required to read the private key... check out the .Net
Framework 2.0 Config snapin to evaluate your assembly to see which
permissions you get granted, and whether you need to grant your code more
security permissions.

This is the permission you need for your code:
System.Security.Permissions.KeyContainerPermission

Signature

                      Joseph Bittman
    Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM

Blog/Web Site: http://CactiDevelopers.ResDev.Net/

> I'm trying this out usig ASP 2.0.
> The public key part works ok but the private key request fails.
[quoted text clipped - 50 lines]
>
> Any leads?
Reply to this Message
SvenAke@gmail.com - 15 Sep 2006 09:51 GMT
Ok!

I'm new to this ASP.NET stuff - so, how do I grant the application more
permissions - it's a "code-behind" ASP thingy so I can't use the
snap-in or...

Rgrds

> Sept. 13, 2006
>
[quoted text clipped - 68 lines]
> >
> > Any leads?
Reply to this Message
Joseph Bittman MVP MCSD - 24 Sep 2006 05:20 GMT
Sept. 23, 2006

Hey - sorry for the delayed response....

 It is going to be a very very long post if I wrote out how to do it
securely :-).... check out my CAS blog entries (the bottom ones on this
page):

http://cactidevelopers.resdev.net/Product%20Guides/ProductBlog.aspx?GuideID=66dc
c35e-340a-18b0-69c8-45ed4f806c7e

This will help give you an idea of what you are up-against... and what to
research more.

Basically, you are going to have to move your code or change your CAS policy
or something to get greater permissions...... There are some really good
articles on MSDN, however, CAS is something which is very huge... so I'd say
grab 50 cups of coffee and be armed with many evenings of time :-).

Good luck! (Using this from ASP.Net means you'll have even bigger
problems.......)
Signature


                      Joseph Bittman
    Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM

Blog/Web Site: http://CactiDevelopers.ResDev.Net/

> Ok!
>
[quoted text clipped - 77 lines]
>> >
>> > Any leads?
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.