Required permissions for accessing Smartcards from Windows Service

Question

I have a Windows service which does some stuff using a Smartcard. The certificate of the smartcard is mapped into the MY store of the local machine. Accessing the private key of the smartcard is no problem when the service runs as System, but it fails when run as NetworkService.

I've already granted access to the certificate to the NetworkService using the Certificate MMC (Manage Private Keys...).

The error I get is: The Smart card resource manager is not running.

The error is thrown with a Cryptographic Exception.

Stacktrace:   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters     parameters, Boolean randomKeyContainer)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
    at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

Any ideas which privileges and/or permissions are required to access the Smart card resource manager?

Kind regards,

Henning Krause

Answer 1

The LocalService has enough permissions to access smartcards. This is the solution I went with.

Answer 2

X509Certificate2 raises "The Smart card resource manager is not running" exception http://blogs.msdn.com/b/alejacma/archive/2011/05/19/x509certificate2-raises-quot-the-smart-card-resource-manager-is-not-running-quot-exception.aspx