Hi all,

The other day a customer of mine had an interesting issue: a specific user runs their application for the first time without problem on a machine. Any other user can run the app without problems on the same machine, too. If that specific user is deleted from the machine, any other user will get the following exception when the application tries to create an RSACryptoServiceProvider object:

System.Security.Cryptography.CryptographicException: CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired.

Crypto keys associated to the RSACryptoServiceProvider object are being created in the machine store (instead of the user's profile) thanks to CspProviderFlags.UseMachineKeyStore flag being passed to RSACryptoServiceProvider.

When checking my post Key Containers: Basics, they found the issue:

My post explains how to read the container name of key files stored in our system. When looking for the problematic key file associated to the container name used by their RSACryptoServiceProvider object, they got an Access Violation error when accessing a specific file. Then they tried to see the permissions on that file, but they got an error message because the original owner of the file was not present anymore on the machine. So my customer set himself as the owner of the file and set proper permissions on it. They verified that it was the key file they were looking for and thanks to the new permissions on the file, all other users can access those keys with RSACryptoServiceProvider and without errors.

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)