Decrypt encrypted value using DPAPI - encryption

I have an encrypted value and I tried to decrypt it using aspnet_regiis.exe.
<configuration>
  <connectionStrings
      configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
        <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl....fK39sbTH</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
When I run this command:
aspnet_regiis.exe -pdf "connectionStrings" "C:\Users\Test"
I have this error:
Decrypting configuration section...
Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message from the provider:
Data at the root level is invalid. Line 1, position 1.
Failed!
What seems wrong with this? I need to find the decrypted value.
Please advise.

Related

How to encrypt the connectstring section of web.config in MVC website?

I want to encrypt the connectionstring section of my web.config. I have tried to do this by following the steps below:
Open Developer Command Prompt for VS2013
aspnet_regiis -pef "connectionStrings" -app "/E:\New folder\WebApplication1\WebApplication1"
It is throwing me the error "a configuration file cannot be created for the requested configuration object. failed"
I did some googling but I am not able to work out why I am facing this. I have tried to change the permissions of the website folder.
Do I need to set up the website in IIS?
Please help me to solve this issue.
Thanks in advance.
<configuration>
  <configProtectedData defaultProvider="SampleProvider">
    <providers>
      <add name="SampleProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider,
                 System.Configuration, Version=2.0.0.0, Culture=neutral,
                 PublicKeyToken=b03f5f7f11d50a3a,
                 processorArchitecture=MSIL"
           keyContainerName="SampleKeys"
           useMachineContainer="true" />
    </providers>
  </configProtectedData>
</configuration>
Add the above section to web.config.
Open Developer Command Prompt for VS2013
Change directory to C:\Windows\Microsoft.NET\Framework\v4.0.30319 using
cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
Run the following command
aspnet_regiis -pef "connectionStrings" "E:\New folder\WebApplication2\WebApplication2"
It encrypts the connection string. :)

.NET connection to SQL DB encrypted in webconfig

We are developing an application with .NET and we are connecting to an SQL 2008 db on a windows server. Up until now we have been a small team which meant that the following code was acceptable:
<add key="ConnectionString" value="Server=00.000.000.00;uid=myUsername;pwd=myPassword;Database=myDatabase" />
This is then called when I want to connect to the database.
Our team is expanding and the new developers should not have access to the database credentials. They will have access to the application code and they have to connect to the database which is on a non-local server whilst running in debug mode locally.
What is the best (and fastest) solution to allow them to connect to the database without having credentials which will allow them to open the database and view the tables?
The quickest and easiest solution would be to encrypt the ConnectionString in your config file. It's pretty simple to do as well.
Open CMD and change the directory to the .NET Framework version (your preferred version) directory by typing the following command:
cd \WINDOWS\Microsoft.Net\Framework\yourversion
At the command prompt, run aspnet_regiis.exe with the following options:
The -pe option and the string "connectionStrings" to encrypt the connectionStrings element of the Web.config file for your application.
The -app option and the name of your application.
For example, the following command encrypts the section of the Web.config file for an application named MyApplication.
aspnet_regiis -pe "connectionStrings" -app "/MyApplication"
The encrypted connectionString will look something like
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                 xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyName>RSA Key</KeyName>
        </KeyInfo>
        <CipherData>
          <CipherValue>WcFEbDX8VyLfAsVK8g6hZVAG1674ZFc1kWH0BoazgOwdBfinhcAmQmnIn0oHtZ5tO2EXGl+dyh10giEmO9NemH4YZk+iMIln+ItcEay9CGWMXSen9UQLpcQHQqMJErZiPK4qPZaRWwqckLqriCl9X8x9OE7jKIsO2Ibapwj+1Jo=</CipherValue>
        </CipherData>
      </EncryptedKey>
    </KeyInfo>
    <CipherData>
      <CipherValue>...</CipherValue>
    </CipherData>
  </EncryptedData>
</connectionStrings>
You can see this article for more information.

Error while encrypting connection string (The configuration section 'connection1' was not found.)

C:\WINDOWS\Microsoft.NET\Framework\v2.0>aspnet_regiis.exe -pef connection1
"C:\Website1" -prov "RSAProtectedConfigurationProvider"
Encrypting configuration section...
The configuration section 'connection1' was not found.
Failed!
Above is a screenshot of the error that I am getting while encrypting the connection string.
The web.config file is as follows:
<configuration>
  <connectionStrings>
    <add name="connection1" connectionString="Data Source=inpun2-s4pvh8bs;uid=cusa;pwd=csusa;Initial Catalog=ChemTrack"/>
  </connectionStrings>
</configuration>
Any idea about this?
I am running this from the Visual Studio 2010 command prompt.
Also, the account that I am using is a member of the administrator group.
Try this instead:
aspnet_regiis.exe -pef "connectionStrings" "C:\Website1"
For more: http://www.codeproject.com/Tips/304638/Encrypt-or-Decrypt-Connection-Strings-in-web-confi

How do I select/enforce AES encryption with aspnet_regiis to encrypt web.config values?

I need to encrypt part of our web.config for our ASP.Net 4.0 project, but we are required to use AES and the default appears to be Triple DES. How can I tell it to use AES encryption instead?
In the command prompt I do the following commands:
aspnet_regiis -pc "NetFrameworkConfigurationKey" -exp
aspnet_regiis -pe "connectionStrings" -app "/<myapp>"
I figure I set the encryption method to AES by selecting the appropriate CSP (-csp) but I haven't been able to find or figure out the name of the right one.
And one of the lines in the encrypted web.config is:
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
The provider is selected using the -prov parameter to aspnet_regiis. The providers are registered in the web/machine.config using the configProtectedData section. In order to register AES you would use something like this:
<configProtectedData>
  <providers>
    <add name="AesProvider"
         type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider"
         description="Uses an AES session key to encrypt and decrypt"
         keyContainerName="iisConfigurationKey" cspProviderName=""
         useOAEP="false" useMachineContainer="true"
         sessionKey="aSessionKeyGoesHere" />
  </providers>
</configProtectedData>
On my machine RSA and DPAPI are the preconfigured algorithms in machine.config.
Provided that the AES provider is registered you should be able to encrypt a config section using:
aspnet_regiis -pe "connectionStrings" -app "/<myapp>" -prov "AesProvider"
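
A way to check what a protected web.config actually declares after running the commands in the two answers above (an added example, not code from this page or from aspnet_regiis): it lists each section carrying configProtectionProvider, the provider name, the EncryptionMethod algorithms present, and whether the payload has a DPAPI blob header. The names audit_config, LEGACY and SAMPLE and the sample config are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Algorithm URIs shown on this page; both are legacy choices today.
LEGACY = {
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc": "3DES-CBC data encryption",
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5": "RSA PKCS#1 v1.5 key transport",
}
# A DPAPI blob begins with version 1 and the DPAPI provider GUID.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")

def audit_config(xml_text):
    """Return one finding per section carrying configProtectionProvider."""
    findings = []
    for section in ET.fromstring(xml_text).iterfind(".//*[@configProtectionProvider]"):
        # Match on local names: the DPAPI output has no xmlenc namespace.
        algs = [n.get("Algorithm") for n in section.iter() if n.tag.endswith("EncryptionMethod")]
        values = [n.text or "" for n in section.iter() if n.tag.endswith("CipherValue")]
        try:  # section payload is the last CipherValue; a wrapped key precedes it
            blob = base64.b64decode("".join(values[-1].split())) if values else b""
        except ValueError:  # truncated or elided ciphertext
            blob = b""
        findings.append({"section": section.tag,
                         "provider": section.get("configProtectionProvider"),
                         "algorithms": algs, "legacy": [LEGACY[a] for a in algs if a in LEGACY],
                         "dpapi_blob": blob.startswith(DPAPI_HEADER)})
    return findings

# Constructed sample: placeholder blobs, not real ciphertext.
b64 = lambda raw: base64.b64encode(raw).decode()
SAMPLE = f"""<configuration>
 <appSettings configProtectionProvider="DataProtectionConfigurationProvider"><EncryptedData>
  <CipherData><CipherValue>{b64(DPAPI_HEADER + bytes(16))}</CipherValue></CipherData>
 </EncryptedData></appSettings>
 <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <CipherData><CipherValue>{b64(b"constructed-key")}</CipherValue></CipherData>
   </EncryptedKey></KeyInfo>
   <CipherData><CipherValue>{b64(b"constructed-data")}</CipherValue></CipherData>
  </EncryptedData>
 </connectionStrings>
</configuration>"""

if __name__ == "__main__":
    print(*audit_config(SAMPLE), sep="\n")
```

A section whose `legacy` list is non-empty after re-encryption is still using the Triple DES or RSA PKCS#1 v1.5 settings shown in the sample output above.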

Trying to use encrypted system.web/identity on web service errors with "Failed to decrypt using provider"

I'm receiving the following error when trying to access a web service that is using (for temporary reasons) an encrypted system.web/identity entry:
Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.
I've followed the steps found in comments at http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx, and these are the steps I've done:
Added "xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"" to the configuration attribute in the web service's web.config
Create a container using aspnet_regiis -pc "DataProtectionConfigurationProviderKeys" -exp
Added the following to the web.config:
<configProtectedData>
  <providers>
    <clear />
    <add name="DataProtectionConfigurationProvider"
         type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,processorArchitecture=MSIL"
         keyContainerName="DataProtectionConfigurationProviderKeys"
         useMachineContainer="true" />
  </providers>
</configProtectedData>
Granted access to the key container to the account IIS is running under: aspnet_regiis -pa "DataProtectionConfigurationProviderKeys" "eca\iusr_xxxxx". I also granted access to the impersonated account (e.g. the one in the identity attribute) using the same command.
I then encrypted the system.web/identity entry: aspnet_regiis -pef "system.web/identity" "C:\ddrive\EcaDevelopment\EcaApplicationsNet2\Projects\TASV2\Mainline\src\TASV2.WordToPdf.WebSvc" -prov "DataProtectionConfigurationProvider"
But, when I try to run my test harness against the web service, I get:
Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.
What have I missed out? Can I actually encrypt just the identity tag? I can encrypt and use the connectionStrings no problem...
