Sign In  Sign Up Live-Chat
Aspose-Banner

CSP Exception


This page provides information on how to resolve the "CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired" exception. Please note that this resolution applies for all Aspose products although Aspose.Word is mentioned as an example.


Problem


When using a licensed version of Aspose.Word on a website server, an exception is thrown:

Server Error in <ApplicationName> Application

CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired

sometimes another excpeption is thrown:

CryptographicException: Access is denied.


Solution


  • Make sure there is a directory \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys exists, create it if needed.
  • Make sure Everyone has read and write permissions into this directory.


More Information


Aspose.Word tries to verify a digital signature on a license file and instantiates a .NET crypto provider. There is a behaviour (maybe a bug) in .NET in that the crypto provider always generates a key pair in its constructor. This is very inefficient behavior from .NET because Aspose.Word does not need a new key since it has a public key that it will use to verify the license, but nothing can be done to avoid the crypto provider generating a key every time.

The key pair created by the crypto provider is normally stored in a user profile, but an ASP.NET application usually runs under the ASPNET user account and this account does not have a user profile loaded. Therefore Aspose.Word instructs the crypto provider to store the key in the machine-wide key storage (recommended by Microsoft in this situation for any ASP.NET application).

For the .NET crypto provider to be able to store the key in the machine-wide, the above mentioned folder MachineKeys folder must exist and the ASPNET account must have permissions to write to it.

Please note this requirement is not specified to Aspose.Word, it is general for any ASP.NET application trying to use encryption algorithms provided by .NET that employ public/private key pairs.

Note that sometimes, if you upgraded from one Windows version to another, the new installation does not use the All Users folder (and the MachineKeys folder in it), but uses, for example All User.WinNT-S. Please double check with the upgrade and installation procedures of the operating system.


References


For more information see

http://support.microsoft.com/default.aspx?scid=kb;en-us;322371

http://support.microsoft.com/default.aspx?scid=kb;en-us;278381