Resolve Cryptographic Exceptions in IIS

An IIS-deployed application throwing a CryptographicException with the message "System cannot find the specified file" can be a perplexing issue.

Situation

An IIS-deployed application is throwing a CryptographicException with the message "System cannot find the specified file". Not a very useful message, now is it?!

Remedy

This is most likely because the Windows Cryptographic Service Provider was trying to store or load a key for a certificate in the user store. Since no user profile was loaded, no cryptographic context was available. This means the application pool's Process Model has Load User Profile set to false.

⚠️ The Load User Profile setting only applies to user accounts. Service Accounts like NETWORK SERVICE and ApplicationPoolIdentity have special handling.

What exactly happens when I set Load User Profile in the IIS pool?

The user profile is loaded. This includes the account's cryptographic store and environment variables such as %TEMP%, among others.

To enable the setting

  1. Go to the IIS Manager

  2. Go to the application pool instance

  3. Click on Advanced settings

  4. Under the Process model, set Load User Profile to true

  5. Recycle the application pool and restart the linked web application for the changes to take effect
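
The same steps can be scripted. The following is an added example, not part of the original post: it uses the WebAdministration PowerShell module to audit every pool's identity and Load User Profile setting, then enables the setting on one pool and recycles it. The pool name MyAppPool is a placeholder.

```powershell
# Added example: audit and enable Load User Profile on an IIS application pool.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Placeholder pool name (assumption); use the pool hosting the failing app.
$TargetPool = 'MyAppPool'

# 1. Audit: list identity and Load User Profile for every pool, so the
#    change can be limited to the pool that actually needs it.
Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        Pool            = $_.Name
        IdentityType    = $_.processModel.identityType
        UserName        = $_.processModel.userName
        LoadUserProfile = $_.processModel.loadUserProfile
    }
} | Format-Table -AutoSize

# 2. Enable the setting on the target pool only if it is currently false.
$path = "IIS:\AppPools\$TargetPool"
if (-not (Test-Path $path)) {
    throw "Application pool '$TargetPool' not found."
}

if (-not (Get-Item $path).processModel.loadUserProfile) {
    Set-ItemProperty $path -Name processModel.loadUserProfile -Value $true

    # 3. Recycle so the worker process starts with the profile loaded.
    #    Restart-WebAppPool errors on a stopped pool, so check state first.
    if ((Get-WebAppPoolState -Name $TargetPool).Value -eq 'Started') {
        Restart-WebAppPool -Name $TargetPool
    } else {
        Start-WebAppPool -Name $TargetPool
    }
}

# 4. Verify the stored configuration.
"{0}: loadUserProfile = {1}" -f $TargetPool,
    (Get-Item $path).processModel.loadUserProfile
```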