How to access CngKey in an ASP.NET Web application? RRS feed

  • Question

  • I want to access a named key in an ASP.NET MVC application but i am not able to access it.

    I create a key using powershell. please find below the code for that.

        #Create Cng Key Parameter and set its properties
            [System.Security.Cryptography.CngKeyCreationParameters] $cngKeyParameter =  [System.Security.Cryptography.CngKeyCreationParameters]::new()
            $cngKeyParameter.KeyUsage = [System.Security.Cryptography.CngKeyUsages]::AllUsages
            $cngKeyParameter.ExportPolicy = [System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport
            $cngKeyParameter.Provider = [System.Security.Cryptography.CngProvider]::MicrosoftSoftwareKeyStorageProvider
            $cngKeyParameter.UIPolicy = [System.Security.Cryptography.CngUIPolicy]::new([System.Security.Cryptography.CngUIProtectionLevels]::None)
            $cngKeyParameter.KeyCreationOptions = [System.Security.Cryptography.CngKeyCreationOptions]::MachineKey
            #Create Cng Property for Length, set its value and add it to Cng Key Parameter
            [System.Security.Cryptography.CngProperty] $cngProperty = [System.Security.Cryptography.CngProperty]::new($cngPropertyName, [System.BitConverter]::GetBytes(2048), [System.Security.Cryptography.CngPropertyOptions]::None)
            #Create Cng Key for given $keyName using Rsa Algorithm
            [System.Security.Cryptography.CngKey] $key = [System.Security.Cryptography.CngKey]::Create([System.Security.Cryptography.CngAlgorithm]::Rsa, "ExampleKeyName", $cngKeyParameter)
            Write-Output "CNG Key : ExampleKeyName - Created"

    The key gets created successfully but the same key is not getting accessed in web application using below code.


    Can anyone help?
    Monday, February 19, 2018 12:00 PM

All replies

  • run procmon during key creation and key access. I suspect it is storing the key in a location that IIS application pool user does not have access. 

    Visual C++ MVP

    Monday, February 19, 2018 1:52 PM
  • Hi Ronnie kapoor,

    Thank you for posting here.

    According to your question is more related to ASP.NET, you could post a new thread in ASP.NET forum for suitable support.

    The CLR Forum discuss and ask questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Regigistry, Globalization, Reflection. Also discuss all the other Microsoft libraries that are built on or extend the .NET Framework, including Managed Extensibility Framework (MEF), Charting Controls, CardSpace, Windows Identity Foundation (WIF), Point of Sale (POS), Transactions.

    Best Regards,


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, February 21, 2018 8:12 AM
  • Hi,

    I had found a way for that - use CngKey.Exists(Constants.EncryptionRsaGlobalKey, CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey)

    Wednesday, February 28, 2018 11:38 AM