How to encrypt the connectstring section of web.config in MVC website? - asp.net

I want to encrypt the connection string section of my web.config. I have tried to do this by following the steps below:
Open Developer Command Prompt for VS2013
aspnet_regiis -pef "connectionStrings" -app "/E:\New folder\WebApplication1\WebApplication1"
It is throwing the error "a configuration file cannot be created for the requested configuration object. failed"
I did some googling but I am not able to work out why I am facing this. I have tried to change the permissions of the website folder.
Do I need to set up the website in IIS?
Please help me to solve this issue.
Thanks in advance.

<configuration>
  <configProtectedData defaultProvider="SampleProvider">
    <providers>
      <add name="SampleProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
           keyContainerName="SampleKeys"
           useMachineContainer="true" />
    </providers>
  </configProtectedData>
</configuration>
Add the above section to web.config.
Open Developer Command Prompt for VS2013
change directory to C:\Windows\Microsoft.NET\Framework\v4.0.30319 using
cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
run the following command
aspnet_regiis -pef "connectionStrings" "E:\New folder\WebApplication2\WebApplication2"
It encrypts the connection string. :)

Related

Error while encrypting connection string (The configuration section 'connection1' was not found.)

C:\WINDOWS\Microsoft.NET\Framework\v2.0>aspnet_regiis.exe -pef connection1 "C:\Website1" -prov "RSAProtectedConfigurationProvider"
Encrypting configuration section...
The configuration section 'connection1' was not found.
Failed!
Above is a screenshot of the error that I am getting while encrypting the connection string.
The web.config file is:
<configuration>
<connectionStrings>
<add name="connection1" connectionString="Data Source=inpun2-s4pvh8bs;uid=cusa;pwd=csusa;Initial Catalog=ChemTrack"/>
</connectionStrings>
</configuration>
Any idea about this?
I am running this from the Visual Studio 2010 command prompt.
Also, the account that I am using is a member of the administrator group.
Try this instead:
aspnet_regiis.exe -pef "connectionStrings" "C:\Website1"
For more : http://www.codeproject.com/Tips/304638/Encrypt-or-Decrypt-Connection-Strings-in-web-confi

Encrypt config file for HttpHandler

I have a "Class library project" which later works as an HttpHandler on a web server. So locally I have 2 files: app.config (for local dev, because it is a dll) and web.config (for the remote web server).
So now I wanted to encrypt the config file. Everything was encrypted and imported on the remote web server. But the handler doesn't work. I receive an error: "Failed to decrypt using provider 'My_Provider'. Error message from the provider: The RSA key container could not be opened."
On my dev PC everything works fine. What is wrong?
These are my export steps:
cd %windir%\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis -pc "My_Keys" -exp
aspnet_regiis -pa "My_Keys" "IIS APPPOOL\CustomAppPool"
aspnet_regiis -pef "connectionStrings" "HandlerProjectPath" -prov "My_Provider"
aspnet_regiis -px "MyKeys" "HandlerProjectPath\MyKeys.xml" -pri
pause
These are the import steps:
%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pi "My_Keys" "MyKeys.xml"
pause
P.S. My handler works on IIS 7 inside my custom AppPool named "CustomAppPool". I specially created an app pool with that name on my PC.
This is my configData:
Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="My_Keys"
useMachineContainer="true" />
</providers> </configProtectedData>
Thanks in advance!
I think you need to grant access to the container to the IIS Identity assigned to your AppPool, after you import the key pair.
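A diagnostic for the step this answer describes, as an added example that is not part of the original answer: it opens the imported machine-level container and lists which accounts hold access entries on it. It assumes an elevated Windows PowerShell 5.1 session on .NET Framework and reuses the container and app pool names from the question; `Get-KeyContainerAcl` is a hypothetical helper name.

```powershell
# Added example; run in an elevated Windows PowerShell 5.1 session on the target server.
$ContainerName = 'My_Keys'                     # container name used in the question
$Account       = 'IIS APPPOOL\CustomAppPool'   # app pool identity used in the question

function Get-KeyContainerAcl {
    param([Parameter(Mandatory)][string]$Name)
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.ProviderType     = 1   # PROV_RSA_FULL
    $csp.KeyNumber        = 1   # key-exchange key pair
    $csp.KeyContainerName = $Name
    # UseExistingKey: fail if the container is missing instead of creating an empty one.
    $csp.Flags = [System.Security.Cryptography.CspProviderFlags]'UseMachineKeyStore, UseExistingKey'
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
    try {
        $info = $rsa.CspKeyContainerInfo
        [pscustomobject]@{
            Container  = $info.KeyContainerName
            KeyFile    = $info.UniqueKeyContainerName   # file name in the MachineKeys store
            Exportable = $info.Exportable
            Rules      = @($info.CryptoKeySecurity.GetAccessRules(
                             $true, $true, [System.Security.Principal.NTAccount]))
        }
    } finally {
        $rsa.Clear()   # releases the handle; the persisted key itself is not deleted
    }
}

$acl = Get-KeyContainerAcl -Name $ContainerName
$acl | Format-List Container, KeyFile, Exportable
$acl.Rules | Format-Table IdentityReference, CryptoKeyRights, AccessControlType -AutoSize

# Look for an Allow entry naming the app pool identity directly.
$explicit = $acl.Rules | Where-Object {
    $_.IdentityReference.Value -ieq $Account -and $_.AccessControlType -eq 'Allow'
}
if (-not $explicit) {
    Write-Warning ("No explicit Allow entry for {0} on '{1}'. Grant one with: aspnet_regiis -pa `"{1}`" `"{0}`"" -f $Account, $ContainerName)
}
```

Access inherited through group membership will not show up as an explicit entry for the account. The `MyKeys.xml` file exported with `-pri` holds the private key, so remove it from the server once the import succeeds.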

ODD ERROR: System.Web.Security.SqlRoleProvider' requires a database schema compatible with schema version '1'

I use ASP.NET 4, C#, Entity Framework 4 and ASP.NET membership.
I usually use VS2010 Cassini to test my web application. Now I have to move my web app to IIS 7 locally.
My app was working just fine on Cassini; now on IIS 7, when some script tries to access the ASP.NET membership table, I get this error:
System.Web.Security.SqlRoleProvider' requires a database schema compatible with schema version '1'. However, the current database schema is not compatible with this version. You may need to either install a compatible schema with aspnet_reqsql.exe (available in the framework installation directory), or upgrade the provider to a newer version.
Alright, my database was exactly the same and everything looked fine.
I tried to recycle the pool and website but the problem persists.
Do you have any ideas? Many thanks for your time on this.
UPDATE:
I found this line in the SQL script which generates the DB... could it be connected?
xp_cmdshell 'c:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe -E -S localhost -A mr -Q -d SiteNameExtension' -- mr = install Membership, Role Manager
This line in my SQL installation script created the problem:
xp_cmdshell 'c:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe -E -S localhost -A mr -Q -d SiteNameExtension' -- mr = install Membership, Role Manager
In fact aspnet_regsql.exe was not targeting the same Framework version as my Web.config (it was 4).
Updating xp_cmdshell to the right Framework version solved the problem.
Try updating the web.config file with the correct version of System.Web.Security.SqlRoleProvider.
You can find the below configuration in c:/windows/microsoft.net/framework/v4.0.30319 or any other version; there you can find the config file. In it, check the machine config files to get the version and public key.
For .NET Framework 4.0:
<roleManager enabled="true" defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider" connectionStringName="rolesDB" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
For .NET Framework 2.0:
<roleManager enabled="true" defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider" connectionStringName="rolesDB" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>

Trying to use encrypted system.web/identity on web service errors with "Failed to decrypt using provider"

I'm receiving the following error when trying to access a web service that is using (for temporary reasons) an encrypted system.web/identity entry:
Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.
I've followed the steps found in comments at http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx, and these are the steps I've done:
Added "xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"" to the configuration attribute in the web service's web.config
Created a container using aspnet_regiis -pc "DataProtectionConfigurationProviderKeys" -exp
Added the following to the web.config:
<configProtectedData>
<providers>
<clear />
<add name="DataProtectionConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,processorArchitecture=MSIL"
keyContainerName="DataProtectionConfigurationProviderKeys"
useMachineContainer="true" />
</providers>
</configProtectedData>
Granted access to the key container to the account IIS is running under: aspnet_regiis -pa "DataProtectionConfigurationProviderKeys" "eca\iusr_xxxxx". I also granted access to the impersonated account (e.g. the one in the identity attribute) using the same command.
I then encrypted the system.web/identity entry: aspnet_regiis -pef "system.web/identity" "C:\ddrive\EcaDevelopment\EcaApplicationsNet2\Projects\TASV2\Mainline\src\TASV2.WordToPdf.WebSvc" -prov "DataProtectionConfigurationProvider"
But, when I try to run my test harness against the web service, I get:
Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.
What have I missed out? Can I actually encrypt just the identity tag? I can encrypt and use the connectionStrings no problem...

Encrypting externally stored App blocks with exportable Key Provider

I have been trying for quite a while to figure out how to encrypt Application blocks that are stored in an external file called dev_entlib.config.
I can see in entlib (4.1) that it's possible to use the default protection providers to encrypt the blocks but, I really need to deploy this Application on different servers and thus I would need to export the keyProvider used to encrypt the application blocks to those servers.
What I've done so far is to add a custom Protected Configuration Provider to the machine.config file in the .net v2.0* whatever folder (and on all the target servers).
The custom provider is like this:
<add name="MyCompanyProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="MyKey"
useMachineContainer="true" />
That sits nicely beside the other default providers and even has design time support in the Entlib config tool. I then choose the protection provider for each block I want to encrypt.
Looking at the dev_entlib.config, shows that indeed the block was encrypted with my provider. My provider uses my key container. Therefore the block should be encrypted using my key container. I then Export "MyKey" to an xml file using:
c:\Windows\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -px "MyKey" "C:\keys.xml" -pri
Exporting RSA Keys to file...
Succeeded!
This key file is then copied to my sysTest server where it is imported and has access rights granted to "NT Authority\Network Services" and "ASPNET".
I then copy over my encrypted web.config and dev_entlib.config and try to display the connection strings in a small page which uses .net ConfigurationManager to get the ConnectionStrings collection and display them on the page. This page is running under IIS and the identity of the process is "NT Authority\Network Services".
The problem is, that it doesn't work! There are bad data errors or "failed to decrypt using provider MyCompanyProvider".
This approach seems to make logical sense to me but it still fails.
Does anyone have any other suggestions?
Encrypt external Enterprise Library configuration files with your custom RSA key container using the Enterprise Library Configuration tool.
EntLib (4.1) uses the default protection provider RsaProtectedConfigurationProvider. But it is possible to remove this provider within your configuration file and replace it with your own with the same name which can then point to your custom key provider: "MyKey".
You should add this configProtectedData section in the configuration file that has the region that you want to encrypt (e.g. your external file: *dev_entlib.config*). You do not need to modify the machine.config file at all.
You can then choose the RsaProtectedConfigurationProvider from the Enterprise Library Configuration application for the Data Access Application Block ProtectionProvider.
You have to open this EntLibConfig.exe with Run as administrator if you are on Vista, Windows 7, Windows 2008.
Otherwise you will get an error:
Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists.
You can then copy this encrypted *dev_entlib.config* along with the web.config configuration file to your sysTest server. Opening the web.config file with the Enterprise Library Configuration tool on that sysTest server should then not give the error:
Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Bad Data.
web.config
This file is pretty much empty and just points to the external Data Configuration file:
<!-- web.config -->
<configuration>
<configSections>
<section name="enterpriseLibrary.ConfigurationSource" type="Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ConfigurationSourceSection, Microsoft.Practices.EnterpriseLibrary.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<enterpriseLibrary.ConfigurationSource selectedSource="External Data Configuration File Source">
<sources>
<add name="External Data Configuration File Source" type="Microsoft.Practices.EnterpriseLibrary.Common.Configuration.FileConfigurationSource, Microsoft.Practices.EnterpriseLibrary.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
filePath="dev_entlib.config" />
</sources>
</enterpriseLibrary.ConfigurationSource>
</configuration>
dev_entlib.config
This file has the connection strings and the protection provider with which it should be encrypted:
<!-- dev_entlib.config -->
<configuration>
<configSections>
<section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<dataConfiguration defaultDatabase="MyConnectionStringName" />
<connectionStrings>
<add name="cnHnicMediaLibrary" connectionString="Server=MyDbServer; Database=MyDbName; Integrated Security=SSPI"
providerName="System.Data.SqlClient" />
</connectionStrings>
<configProtectedData>
<providers>
<remove name="RsaProtectedConfigurationProvider" />
<add name="RsaProtectedConfigurationProvider"
keyContainerName="MyKey"
useMachineContainer="true"
description="Uses our own encryption key container so that it will work in a Web Farm setting. We need to trick Enterprise Library, which wants to use the default RsaCryptoServiceProvider to encrypt and decrypt, by replacing this default provider with our own while this configuration is processed!"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</configProtectedData>
</configuration>
Based on:
http://entlib.codeplex.com/discussions/237555 (AvanadeSupport, Dec 8 2010 at 11:37 PM)
http://entlib.codeplex.com/discussions/10300 (shane2007, Jul 9 2007 at 1:15 PM)
http://entlib.codeplex.com/discussions/213998 (need to change the version back to 2.0.0.0)
I hope that this described the error message that you had and how to fix it.
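A small audit of the arrangement this answer relies on, added here as an example rather than taken from the answer or from Enterprise Library: for each encrypted section it reports which provider is named and whether that provider, and so its key container, is declared in the same file. The sample document is constructed (ciphertext omitted) and `Get-ProtectedSectionReport` is a hypothetical helper name.

```powershell
# Constructed sample: the shape of a config file after encryption, with the
# ciphertext omitted and the provider/container names taken from the answer above.
$sample = @'
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#" />
  </connectionStrings>
  <configProtectedData>
    <providers>
      <remove name="RsaProtectedConfigurationProvider" />
      <add name="RsaProtectedConfigurationProvider" keyContainerName="MyKey" useMachineContainer="true"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </configProtectedData>
</configuration>
'@

function Get-ProtectedSectionReport {
    param([Parameter(Mandatory)][xml]$Config)
    # Providers declared in this file. local-name() keeps the queries working
    # when <configuration> carries an xmlns attribute.
    $local = @{}
    $q = "//*[local-name()='configProtectedData']/*[local-name()='providers']/*[local-name()='add']"
    foreach ($p in $Config.SelectNodes($q)) { $local[$p.GetAttribute('name')] = $p }

    # Every section that has been encrypted carries a configProtectionProvider attribute.
    foreach ($s in $Config.SelectNodes('//*[@configProtectionProvider]')) {
        $name    = $s.GetAttribute('configProtectionProvider')
        $defined = $local.ContainsKey($name)
        [pscustomobject]@{
            Section      = $s.LocalName
            Provider     = $name
            DefinedHere  = $defined
            KeyContainer = if ($defined) { $local[$name].GetAttribute('keyContainerName') } else { 'inherited (machine.config or parent config)' }
            MachineStore = if ($defined) { $local[$name].GetAttribute('useMachineContainer') } else { 'inherited' }
            HasCipher    = $null -ne $s.SelectSingleNode("*[local-name()='EncryptedData']")
        }
    }
}

Get-ProtectedSectionReport -Config $sample | Format-List
# To audit a real file: Get-ProtectedSectionReport -Config (Get-Content -Raw 'dev_entlib.config')
```

A section reported with `DefinedHere = False` depends on a provider entry that must exist with the same name and key container on every server the file is copied to.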
It doesn't seem to be possible yet. My solution is to just encrypt the blocks as part of the web.config and then copy and paste those blocks into an external entLib.config file. These blocks should then be able to be decrypted on the target servers with the exported key.
