I have a batch script step that runs at the end of my web deploy the script encrypts a connection string in web.config using aspnet_regiis.exe, In the logs it looks like it went fine but it doesnt acctually encrypt the connectionString, when i run the batch locally on my remote machine it works. Is there a way to do through Release definition or the user has to run the batch locally every time?
here is the code.
start C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pe "connectionStrings" -app "/" -site "2"
echo Encryption Successfull!
pause
First suggest you using your build service account RDP to the remote machine and run the batch script. Double check if you are missing any permission for the account.
Since , the logs it looks like it went fine but it doesn't actually encrypt the connectionString. Also try to do some test below to perform it:
Have you compared the transformed web.config file that is deployed to
server to the original encrypted config file? Test with both files on
server.
Try unencrypting the config file on server and see if you get the
correct connection strings back.
Related
I ran the following command to encrypt credentials in web.config on my dev machine and tested the code and worked fine, however I published to the web server and it would fail as apparently the encryption is specific to the machine.
I then tried to run the same command on the unencrypted web.config on my web server and it completed successfully, however the same symptoms are still present within the website, where it cannot find the credentials. What am I doing wrong? What is the proper process encrypting a web.config section and then publishing to another machine?
aspnet_regiis.exe -pef "secureAppSettings" "C:\Users\project" -prov "DataProtectionConfigurationProvider"
I have an ASP.Net Web Application which tries to log into Azure using power shell commands. The following code is being used for this purpose:
Runspace runspace = RunspaceFactory.CreateRunspace();
runspace.Open();
Pipeline pipeline = runspace.CreatePipeline();
pipeline.Commands.AddScript("az login -u 'vtripathi#hsdyn.com' -p '********'");
pipeline.Commands.Add("Out-String");
var output = pipeline.Invoke();
string result = output[0].ToString();
The problem here is that when I run this application locally on my system, it manages to log into Azure successfully, but when I deploy the same application on Azure app service, I get the below error:
Server Error in '/' Application.
The term 'az' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Please suggest what might be wrong.
Az Login is a command from the Azure CLI, therefore to run this the CLI needs to be installed on the machine you are running it on. CLI will not be installed on an Azure Web app.
If your writing a .net web app you really want to be using the .net Azure API to talk directly to the Azure REST API, not trying to use CLI.
I am working on an asp.net mvc-5 web application. and i am calling a 3rd party API from my server side using security token generated by the 3rd party application.
now i am passing the token in a secure manner as follow:-
i am adding the token to the http header.
and we are using https to communicate with the 3rd party system.
so i think the token can not be hacked during its transmission. but the problem i am facing is how i can store and read the token itself. currently i am storing this inside our web.config section:-
<appSettings>
.....
.....
<add key="SecureToken" value="12345" />
.....
.....
</appSettings>
and i am retrieving the value inside my application as follow:-
string Token = System.Web.Configuration.WebConfigurationManager.AppSettings["SecureToken"]
so the security problem i am facing is that if someone access the live server he can read the web.config file and get the secure token. so i read that i can encrypt part of the web.config sections using aspnet_iisreg command. but now i am not sure how i can force this to work across my environments? i mean where i need to run the aspnet_iisreg inside one environemnt let say the Dev ? or i need to run this command on the three environments seperately?
It should run through a deployment script, it can be a msi or powershell or something else. If you deploy manually, it requires aspnet_regiis -pe "yourappsettings" -app ... which is also a manual job and error prone. So develop a package with all your pages, dlls, .js, images etc. and install that package (msi or powershell or something else) and install that to your server. In that package include a script which does aspnet_regiis command and this command should run after virtual directory creation, mainly it should be kinds of last action. If you are using powershell, it's a set of instructions - so one instruction should be aspnet_regiis command. Try with post build event for VS web deployment package.
I know I can do this to encrypt connection strings in a web site that is already deployed:
aspnet_regiis -pe connectionStrings
I can also encrypt connection strings in a web site before it is deployed by doing this:
aspnet_regiis -pef connectionStrings .\WebApplication1
I also know how to make my own RSA key, install it on several computers, and set up an encryption provider for that key, so I can encrypt it on one machine and publish it on another:
aspnet_regiis -pef connectionStrings .\WebApplication1 -prov MyProvider
I can even tell MSBuild to encrypt the connection strings for me during deployment by adding a line to the .pubxml file (https://msdn.microsoft.com/en-us/library/ee942158%28v=vs.110%29.aspx#encrypt_webconfig).
But what I really need to do is this:
create the web site source code and save it in source control with the connection strings decrypted;
build the web site, transforming the web.config file with web.debug.config or web.release.config;
encrypt the connection strings in the transformed web.config using my custom encryption provider;
and then publish it
all from an automated process. Note: I can't encrypt the connection strings first and then build the web site, because I have to transform the web.config file before encrypting it. I don't want to publish the web site first and then encrypt the connection strings, because I don't want the decrypted connection strings to be on the web server even for a brief time. I want to encrypt the connection strings during the deploy process, but with my own encryption provider. How can I do that? It's got to be possible. Any combination of msbuild commands, msdeploy commands, and .pubxml file settings would be acceptable.
I've tried searching for how to do this -- I really have -- but I can't find a comprehensive reference for msbuild.exe / msdeploy.exe / *.pubxml ANYWHERE. (That's a separate question.)
I have SSIS package which executes several minutes. It copies data to my PROD database. Package is launched from Sql Server Job. I'd like to take my web site offline during executing of the package. How do I can turn off my web site before execution and then turn on it back automatically?
I use Sql Server 2008 and IIS6.
Thanks
Here is a possible option:
Within the SSIS package:
Create a batch file named StopWebsite.bat with the following command:
iisreset /stop computername
Create another batch file named StartWebsite.bat with the following command:
iisreset /start computername
In the SSIS package, place an Execute Process Task in the Control Flow tab. Call the first batch file StopWebsite.bat from the Execute Process task. This will stop the Internet Information Services (IIS).
Place all your other tasks after the first Execute Process Task.
After all your other tasks in the Control Flow tab, place another Execute Process Task. Call the second batch file StartWebsite.bat. This will start the IIS.
Note that you need to place the batch files in a location where the SSIS package can access them from the production environment.
Within the SQL Server job:
If you don't want to do this in the SSIS package. You need to have three steps in your SQL Server Job.
Step 1 would execute the command iisreset /stop computername as job of type Operating System (CmdExec)
Step 2 would call the SSIS package.
Step 3 would execute the command iisreset /start computername as job of type Operating System (CmdExec)
If you run into permissions issue, make sure that the account (usually it is SQL Server Agent Account) in which the step is being executed has permissions to restart IIS on the remote server. You could also try to use a proxy account that would make use of a domain account credentials, in the following link screenshots 8 - 14 explains how to create a proxy account on job type SSIS Package Execution. You might need to do something similar on the Operating System (CmdExec) job type. How do I create a step in my SQL Server Agent Job which will run my SSIS package?
Replace computername with your actual computer name or IP address of the machine where your website is hosted.
I would say option #2 is easier to maintain.
Hope that helps.