Resolve Cryptographic Exception 'Keyset Does Not Exist or Access is Denied issue'

This blog shows how to resolve cryptographic exception 'Keyset does not exist or Access is denied issue'.

Look at this exception:

System.Security.Cryptography.CryptographicException (Keyset does not exist or Access is denied issue)

If your application is trying to access a certificate from certificate MMC where the certificate corresponds to a private key, you will probably encounter this cryptographic exception error (Keyset does not exist or Access is denied.) The reason behind this is the Private Key is saved in a special file system named as “Machinekeys” folder and it’s not readable for every user. You need to provide read access to the application pool’s user to the key.

Please find here easy steps to provide Read write access to IIS worker process,  impersonated user, and Network Service or any other account you want.

Step 1: Go to folder (C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA).


Step 2: Open properties for MachineKeys Folder and go to Security Tab.

Step 3: Provide Read & execute and List folder contents permission for IUserand Network Service account.

IUserand Network Service

Once MachineKeys folder is granted for IIS worker process, impersonated user, and Network service, you will find that lock sign has gone for the folder MachineKeys.

MachineKeys folder