error: Couldn't acquire crypto service provider context.

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for MySQL
winnie
Posts: 2
Joined: Thu 30 Apr 2020 06:48

error: Couldn't acquire crypto service provider context.

Post by winnie » Fri 01 May 2020 09:16

Hi, our customer said they always fail to connect to MySQL by SSL and get an error: Couldn't acquire crypto service provider context.
We internally use Devart.Data.MySql.MySqlConnection to connect to the MySQL server by SSL.
The connection string is: User=root;Password=1234;Connection Timeout=15;Pooling=false;Unicode=true;ssl ca cert=;ssl cert=;ssl key=;Server=10.154.10.78;Protocol=SSL
On my computer, I found that on connection.open(), a folder named after the <user SID> is generated in the folder: C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\.
The newly generated folder name is: S-1-12-1-xxxxxxxxxxx-xxxxxxxxxxx-xxxxxxxxxxx-xxxxxxxxx, and it is the user's SID.

Since I see it's located in the user profile folder, I think the customer should always have permission to write into his folder as well, or maybe it could be located in some other place?
I see this post on your forum: https://forums.devart.com/viewtopic.php?t=25128, and it says the folder for generating the SSL-related folder is: ProgramData\Microsoft\Crypto\RSA, different from my case.
So my questions are:
1. Where should the folder be located? If you use a system variable to find the location, what is the system variable?
2. I see the folder on my working machine is empty, so why do you need to create this folder? If I use MySQL's own client (mysql.exe) to create an SSL connection, I found no such folder is generated.
3. Is there some other reason for this error "Couldn't acquire crypto service provider context."?

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Re: error: Couldn't acquire crypto service provider context.

Post by Shalex » Fri 08 May 2020 19:07

1. For the test purposes, right-click on the "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" folder > Properties > the Security tab and add Everyone with Full control. Does this fix the issue?

2. We remove the container immediately after establishing a connection to the server (in conn.Open()), and do not wait for the end of the process execution. This decreases the probability of file cluttering. The container is created only during the authentication, and this is a very short period of time. Probably you won’t even notice this file.


Re: error: Couldn't acquire crypto service provider context.

Post by winnie » Sat 09 May 2020 01:20

Hi,
Thanks for your reply.
Before we let our customer try what you said, I still have some questions.
On my own working computer, I found the special folder (named after the user SID) is generated under "C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\", not the path you mentioned.

I tried to disable access to the folder you mentioned ("C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys"), and I can still connect to MySQL by SSL.
But if I disable the path C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA, the error is thrown.
So I am wondering which folder is the correct one for you to set up the SSL connection.


Re: error: Couldn't acquire crypto service provider context.

Post by Shalex » Wed 13 May 2020 10:15

winnie wrote: Where should the folder be located? If you use a system variable to find the location, what is the system variable?

dotConnect for MySQL uses the CryptAcquireContextA function. Its CRYPT_MACHINE_KEYSET flag determines the container for the keys; the value depends on the type of process and the operating system version. For example:

UseMachineKeySet=(!Environment.UserInteractive && Environment.OSVersion.Platform == PlatformID.Win32NT && Environment.OSVersion.Version.Major >= 5);

The Environment.UserInteractive property reports false for a Windows process or a service like IIS that runs without a user interface. If this property is false, do not display modal dialogs or message boxes because there is no graphical user interface for the user to interact with.
So:
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" is used for websites and services.
"C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\" is used in other cases.
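
The folder selection described in the reply above, as an added diagnostic that is not Devart's code and not part of the original posts: it evaluates the quoted condition for the current process, derives the matching key folder, and checks whether the account can create a file there. Assumptions: Windows, the class and method names are hypothetical, and creating a temporary file only approximates the access the crypto provider needs.

```csharp
using System;
using System.IO;
using System.Security.Principal;

static class KeyContainerCheck
{
    // Same condition as the snippet quoted in the post above.
    static bool UseMachineKeySet() =>
        !Environment.UserInteractive
        && Environment.OSVersion.Platform == PlatformID.Win32NT
        && Environment.OSVersion.Version.Major >= 5;

    // Folder expected to hold the RSA key container for this process.
    static string ExpectedKeyDirectory(bool machineKeySet)
    {
        var root = Environment.GetFolderPath(machineKeySet
            ? Environment.SpecialFolder.CommonApplicationData   // C:\ProgramData
            : Environment.SpecialFolder.ApplicationData);       // ...\AppData\Roaming
        if (string.IsNullOrEmpty(root))
            return null; // GetFolderPath returns "" when the folder does not exist
        var rsa = Path.Combine(root, "Microsoft", "Crypto", "RSA");
        return machineKeySet
            ? Path.Combine(rsa, "MachineKeys")
            : Path.Combine(rsa, WindowsIdentity.GetCurrent().User.Value); // user SID
    }

    // Assumption: creating a file approximates the access the provider needs.
    static string ProbeWrite(string dir)
    {
        if (dir == null) return "profile folder not available";
        // The per-user SID folder may not exist yet; probe its parent in that case.
        var target = Directory.Exists(dir) ? dir : Path.GetDirectoryName(dir);
        var probe = Path.Combine(target, "probe-" + Guid.NewGuid().ToString("N") + ".tmp");
        try
        {
            // DeleteOnClose removes the probe file as soon as the handle is disposed.
            using (File.Create(probe, 4096, FileOptions.DeleteOnClose)) { }
            return "writable";
        }
        catch (Exception ex) when (ex is UnauthorizedAccessException || ex is IOException)
        {
            return "NOT writable: " + ex.GetType().Name;
        }
    }

    static void Main()
    {
        bool machine = UseMachineKeySet();
        string dir = ExpectedKeyDirectory(machine);
        Console.WriteLine($"UserInteractive={Environment.UserInteractive}, machine key set={machine}");
        Console.WriteLine($"Key folder: {(dir ?? "(none)")} -> {ProbeWrite(dir)}");
    }
}
```

Run it under the same account and in the same context (interactive session, Windows service or IIS application pool) as the application that fails, since both the chosen folder and the access result depend on that context.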
