通过C#代码授予对RSA加密密钥的读取权限
[英]Grant read access to RSA encryption key through C# code
问题描述
I am currently using RSACryptoServiceProvider to encrypt the app.config sections especially the connection strings. 
我目前正在使用RSACryptoServiceProvider来加密app.config节,尤其是连接字符串。 The problem is, in a group policy environment the encryption occurs when the software is installed through the administrator account. 问题是,在组策略环境中,通过管理员帐户安装软件时会发生加密。 This doesn't allow the current user to decrypt the app.config sections as it doesn't have permission to access machine level key. 这不允许当前用户解密app.config节,因为它没有访问计算机级密钥的权限。
Right now I am using aspnet_regiis -pa "RSA key container" "User" to grant permission for a particular user to access the key container (ACL permission) 现在,我正在使用aspnet_regiis -pa“ RSA密钥容器”“用户”授予特定用户访问密钥容器的权限(ACL权限)
My question is: Is there a way to grant read access for current network user to access Machine level RSA key through C# code? 我的问题是:是否有一种方法可以授予当前网络用户通过C#代码访问计算机级别RSA密钥的读取权限?
I would like to implement this in C# application code so that the application doesn't crash because the current user doesn't have the necessary permission to read RSA encryption key. 我想在C#应用程序代码中实现此目的,以使应用程序不会崩溃,因为当前用户没有读取RSA加密密钥所需的权限。
1 个解决方案
解决方案1
0 2015-06-07 06:49:49
Apparently there is no way for a particular user with limited rights to access machine key unless he is given permission by an administrator level account. 显然,除非管理员级别的帐户授予其权限,否则对于具有受限权限的特定用户而言,无法访问其机器密钥。
Hence, if one installs the package through administrator account then the permission for the user needs to be granted explicitly through the administrator. 因此,如果通过管理员帐户安装软件包,则需要通过管理员显式授予用户权限。
Time to change encryption method :( 更改加密方式的时间:(
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.