One way to overcome the problem I described in this post would be to run in partial trust. That way you could factor out the code that does the encryption into its own assembly, while the rest of your application doesn't even have file IO access to the private key file.
The problem is that the TokenProcessor code from the SDK has a lot of dependencies on System.ServiceModel/IdentityModel, and those require full trust (they are not marked APTCA). After massaging the decryption code a little bit, I was able to call it from a partially trusted web app. The necessary steps were:
- Put the code into a separate assembly
- Assert full trust
- Add APTCA
- Re-implement the ClaimTypes class (so that the web app doesn't need to use the full-trust-only WCF class)
- Put it in the GAC / write a custom policy
Works fine. (download)
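As an added illustration (not the post's download), this is the shape such a gateway assembly can take in C#: APTCA on the assembly, a full-trust assert scoped tightly around the private-key step and reverted right after, and only plaintext handed back to the partially trusted web app. The namespace, class, method and key-file path are hypothetical, and it is assumed the caller has already split the encrypted token into the RSA-wrapped session key, the IV and the AES-CBC ciphertext.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Permissions;

// Opt in to calls from partially trusted code (the web app). Only meaningful if
// this assembly is itself fully trusted, e.g. installed in the GAC.
[assembly: AllowPartiallyTrustedCallers]

namespace KeyGateway // hypothetical name
{
    public static class PrivateKeyGateway // hypothetical name
    {
        // Fixed inside the trusted assembly: the caller never chooses which file is read.
        private const string KeyFilePath = @"C:\keys\token-decrypt.pfx"; // placeholder path

        // Unwraps the RSA-OAEP-wrapped session key and decrypts the AES-CBC payload.
        // The private key never leaves this method; the caller only gets plaintext.
        public static byte[] DecryptToken(byte[] wrappedKey, byte[] iv, byte[] ciphertext)
        {
            if (wrappedKey == null || iv == null || ciphertext == null)
                throw new ArgumentException("token parts must not be null");

            byte[] sessionKey;
            // Assert full trust only around the privileged step, as the post does,
            // and revert it immediately so nothing further runs elevated.
            new PermissionSet(PermissionState.Unrestricted).Assert();
            try
            {
                X509Certificate2 cert = new X509Certificate2(KeyFilePath, string.Empty,
                    X509KeyStorageFlags.MachineKeySet);
                RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
                if (rsa == null)
                    throw new CryptographicException("no usable RSA private key in key file");
                sessionKey = rsa.Decrypt(wrappedKey, true); // fOAEP = true
            }
            finally
            {
                CodeAccessPermission.RevertAssert();
            }

            using (RijndaelManaged aes = new RijndaelManaged()) // CBC + PKCS7 by default
            using (ICryptoTransform dec = aes.CreateDecryptor(sessionKey, iv))
            {
                byte[] plain = dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
                Array.Clear(sessionKey, 0, sessionKey.Length); // don't leave key material around
                return plain;
            }
        }
    }
}
```

If the callee's demands allow it, a narrower assert (just FileIOPermission.Read on the key file) is preferable to asserting full trust.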