问题
We are using ClientCertificate authentication with HttpWebRequest. For the client certificate authentication we are creating the X509Certificate from Pfx file and attached to the outgoing HttpWebRequest.
What we see is that after the request is created we are seeing to many temporary files in the folder : C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
As we make more request we see that the number of temporary files created in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder is increasing continuously.
We create the certificate from pfx file and then we set the key container. Expilicity access is granted using CryptoKeySecurity and CryptKeyAccessRule. The private method SetKeyContainerSecurity takes the CspKeyContainerInfo and CryptoSecurity. Then it uses the CryptAcquirecontext and CryptSetProvParam to set the key container security.
The issue we are facing is large number of temporary files getting created in the disk at location : C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
What is the correct approach to ensure that these temporary files are deleted.
回答1:
Is the hotfix at http://support.microsoft.com/kb/931908 relevant? It addresses the issue "On a Windows Server 2003-based or Windows Server 2008-based client computer, the system does not delete a temporary file that is created when an application calls the "CryptQueryObject" function"
来源:https://stackoverflow.com/questions/11670361/using-x509certificate-pfx-for-client-certificate-authentication-creates-too-many