Programatically allowing Windows service to decrypt config file

Question

I've got a Windows service that needs to decrypt a config file, which I've encrypted on the same computer. (It doesn't need to be exportable.) I've been trying to overcome the ol' "The RSA key container could not be opened" error. I was able to do it manually:

c:\Windows\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"

but I need to accomplish this programatically. Based on two posts (one from SO and the other from CodeProject), I tried this:

private void GrantAccessToDecryptConfigFile()
{
    // programatically execute this command:
    //      c:\Windows\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"

    string command = "-pa";
    string keyName = "NetFrameworkConfigurationKey";
    string userName = @"NT AUTHORITY\NETWORK SERVICE";
    string arguments = string.Format("{0} \"{1}\" \"{2}\"", command, keyName, userName);

    var psi = new ProcessStartInfo(@"C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe")
    {
        Arguments = arguments,
        UseShellExecute = false,
        CreateNoWindow = true
    };
    Process.Start(psi);
}

...but I'm still getting the same error when the Windows service tries to read the config file. What am I doing wrong?

Answer 1

I think all you need is a user with administrator privileges to run the Windows service. I'm guessing you run that command on an elevated command prompt because that's the only way I could make it work.

Similarly when I tried to run it on Visual Studio I got the same error. I started the Visual Studio with "Run as Administrator" and it succeeded.