
Saturday, March 7, 2009

Keyset_not_Found_Or_Access_Denied

Hi,

After long, long research (not so long, only a few days) I found the answer for "Keyset not found" and "Access denied" (classic ASP and ASP.NET certificate cryptography) while using cryptography with certificates.

So let's start the solution.

First we will understand the key concept of a .pfx file or certificate file:

Private Keys live in a File-Based Protected Store,
Certificates live in a Registry-Based Certificate Store


When a certificate with private keys is installed from a .pfx file, the certificate is installed in a registry-based certificate store, but the private keys are installed in a "protected store".

Each user account on a Windows system has its own certificate store (in the HKEY_CURRENT_USER branch). There is also a machine-wide certificate store in the HKEY_LOCAL_MACHINE registry branch. A cert can be installed to either one (or both).

If the cert is installed interactively via the certmgr.msc certificate management console into the HKEY_CURRENT_USER branch, the ASP IUSR process won't find it.

Likewise, each user account on a Windows system has its own "protected store". (For those interested in more information about protected stores, Google "DPAPI" and you'll find lots of info.) There is also a machine-wide "protected store".

If you import a .pfx interactively such that the private keys are saved to your interactive account's "protected store", then they will not be accessible to ASP / ASP.NET, which is running in an IUSR account.

Now we start importing the .pfx file

You’ll import the PFX by using the Certificate Management Console, but for the
Local Machine, not for your current logged-on user account. Follow these
instructions to start the MMC for the local machine cert store:

1. Log on to the system as an administrator.

Now, once you have logged on:

2. Click Start, click Run, type mmc, and then click OK.

3. On the File menu, click Add/Remove Snap-in, and then click Add.

4. Under Snap-in, double-click Certificates, click Computer account, and then click Next.

5. Do one of the following:

6. To manage certificates for the local computer, click Local computer, and then click Finish.

7. To manage certificates for a remote computer, click Another computer and type the name of the computer, or click Browse to select the computer name, and then click Finish.

8. Click Close. Certificates (Computer Name) appears on the list of selected snap-ins for the new console.

Once you have completed the above steps, you will find the following image.

9. If you have no more snap-ins to add to the console, click OK.

10. To save this console, on the File menu, click Save.

Begin the PFX Import:

1) Right-click on the Personal folder, located under "Certificates (Local Computer)", and select All Tasks -> Import.

2) Click Next, browse to your .pfx file and select it. Make sure the "Files of type" dropdown is set to "*.pfx; *.p12;" so you can see the .pfx files. Click Next. Enter the password for your .pfx file. (I always mark the key as exportable.) Click Next. Use the "Personal" certificate store, which is the default and already selected. Click Next. Click Finish. That's it.

Now you have finished the installation of the certificate. Now we will move to Step 2 to get rid of this irritating error.

1) Open Windows Explorer and navigate to the directory where the keys are located: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

2) Make sure you're not using the "Simple File Sharing" mode in Windows Explorer. In the Windows Explorer Tools menu, select "Folder Options". Then select the "View" tab. Scroll down and make sure the "Use simple file sharing" checkbox is unchecked.

4) Right-click on the MachineKeys folder. Select "Properties", then select the "Security" tab. (Note: If you didn't turn off simple file sharing, you wouldn't see the "Security" tab.)

5) You're going to add your IUSR_**** account and give it full permission. Click the "Add..." button. Type your IUSR account name and click "Check Names". Then click "OK".

6) The IUSR account is now listed. Select it and then check the "Full Control" checkbox (causing all the other Allow checkboxes to be selected). Then click "Apply".

You've done it. Now you can use that cert with its private key in ASP or ASP.NET. You can also use any other certs imported into the Local Machine/Personal certificate store.
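The import and permission steps above, scripted as an added example (not code from the original post), with one difference: it grants Read on the single key file the certificate uses rather than Full Control on the whole MachineKeys folder, so the account cannot touch other machine keys. Assumptions: Windows PowerShell 5.1 with the PKI module in an elevated session, a legacy CSP RSA key, the C:\ProgramData location that newer Windows versions use for MachineKeys, and placeholder values for the .pfx path and account name.

```powershell
# Added example, not from the original post. Run elevated.
# $PfxPath and $Account are hypothetical placeholders; replace them with your own values.
param(
    [string]$PfxPath = 'C:\certs\example.pfx',
    [string]$Account = 'MYSERVER\IUSR_MYSERVER'
)

$password = Read-Host -AsSecureString 'PFX password'

# Import into Local Machine\Personal, the store selected in the MMC steps.
$cert = Import-PfxCertificate -FilePath $PfxPath `
            -CertStoreLocation Cert:\LocalMachine\My -Password $password

if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}

# Find the file that holds this certificate's private key.
# Only legacy CSP keys are stored under MachineKeys; CNG keys are stored
# elsewhere and are rejected here rather than guessed at.
$key = $cert.PrivateKey
if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw 'Private key is not a CSP RSA key; this example only handles MachineKeys.'
}
$keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
$keyFile = Join-Path $keyDir $key.CspKeyContainerInfo.UniqueKeyContainerName
if (-not (Test-Path -LiteralPath $keyFile)) {
    throw "Key file not found: $keyFile"
}

# Grant Read on that one file to the web account.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Print the resulting ACL so the grant can be reviewed.
(Get-Acl -LiteralPath $keyFile).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```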

Now the error which occurred will not be here.

Hope this blog helps buggers like me who just know how to use a search engine to find a solution.

4 comments:

  1. Hi,
    Thanks for the valuable info. I need to contact you further to know more about the concept. I am facing a problem a bit similar to this. Please contact me at meetudmeet@gmail.com

  2. And maybe next time you could use some form of spell checking software if you can't do it by yourself.

  3. I'm so tired of seeing loser comments like Anonymous did on Oct 12, 2011 at 6:45pm. Get a life.

  4. It's not a loser comment, it's really annoying and I didn't read the article because of the bad formatting. If you're doing something, do it right.

