I have the following encrypted identity tag in my web config file:
<identity configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>iafzB3KzsJNARz+5zffLyV2Rzuu/UjLdFr3D8jHfJHKGC6u3jlFB8f/FeveEsQqNP981rbFafKlXXdyG/DGMMkowWbnkQVYaffIUDkvk19jIntsFqufWYJWOO95CceKjjZPeNHh8FCadp1et5Th/mCUtz8xsQ9s8e92t64J8jlg=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>MWlwJley/C3TbezWLE+wPHo22L1Tog6xCTm999SoWkUzvIz+FdrVgBw3+x5GexO7BNG6KycamWqSdCl+1pD4a/rWfYbY26We5AgrPh20kTN7WKf9noFmCg==</CipherValue>
</CipherData>
</EncryptedData>
</identity>
I want to know what keyword I should use at the command prompt to decrypt the identity section in web config.
Currently I am using this:
C:\Windows\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -pdf identity C:\inetpub\vhosts\kimpolling.nl\httpdocs
But it is not working.
You can decrypt the encrypted Web.config file contents, if you want to, by running aspnet_regiis.exe with the -pd option. The syntax is the same as the syntax for encrypting Web.config file contents with the -pe option, except that you do not specify a Protected Configuration provider.
Example:
aspnet_regiis -pd "connectionStrings" -app "/MyApplication"
The above will decrypt the connectionStrings.
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings configSource="appSettings.config"/>
<connectionStrings configSource="connections.config"/>
<system.web>
<compilation debug="true" />
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
</configuration>
The above web.config is used in an MVC web application.
I tried to encrypt using RsaProtectedConfigurationProvider with aspnet_regiis. But it's not working as expected in a simple Web.config where appSettings and connectionStrings are present in the same file.
I am using these commands to encrypt web.config:
C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis -pef "connectionStrings" "D:\WebApplication" -prov "AppEncryptionProvider"
C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis -pef "appSettings" "D:\WebApplication" -prov "AppEncryptionProvider"
But while using this in a web application it gives me the error below:
Failed to decrypt using provider 'AppEncryptionProvider'. Error message from the provider: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
Line 1: <appSettings configProtectionProvider="AppEncryptionProvider">
Line 2: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
Line 3: xmlns="http://www.w3.org/2001/04/xmlenc#">
Line 4: <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
Yes. You can do this with the below command by passing provider and your site name.
aspnet_regiis -pe "appSettings" -prov "{0}" -site {1} -app "/"
Where:
{0} is the name of your encryption provider specified in the web.config.
{1} is the Id of your site in IIS
Similar Question:
Encrypting AppSettings in file external to Web.Config
I'm working on an ASP.NET project and I have to encrypt the credentials in the web.config file:
<add name="ConnectionString"
connectionString="Data Source=sqlexpress;
Initial Catalog=Employee;
User ID=testUser;
Password=testPassword"
providerName="System.Data.SqlClient"/>
You can use aspnet_regiis to do this.
As an example:
aspnet_regiis -pe "connectionStrings" -app "/SampleApplication" -prov "RsaProtectedConfigurationProvider"
Encrypting and Decrypting Configuration Sections
We are developing an application with .NET and we are connecting to a SQL 2008 db on a Windows server. Up until now we have been a small team, which meant that the following code was acceptable:
<add key="ConnectionString" value="Server=00.000.000.00;uid=myUsername;pwd=myPassword;Database=myDatabase" />
This is then called when I want to connect to the database.
Our team is expanding and the new developers should not have access to the database credentials. They will have access to the application code and they have to connect to the database which is on a non-local server whilst running in debug mode locally.
What is the best (and fastest) solution to allow them to connect to the database without having credentials which will allow them to open the database and view the tables?
The quickest and easiest solution would be to encrypt the ConnectionString in your config file. It's pretty simple to do as well.
Open CMD and change the directory to the .NET Framework version (your preferred version) directory by typing the following command:
cd \WINDOWS\Microsoft.Net\Framework\yourversion
At the command prompt, run aspnet_regiis.exe with the following options:
The -pe option and the string "connectionStrings" to encrypt the connectionStrings element of the Web.config file for your application.
The -app option and the name of your application.
For example, the following command encrypts the connectionStrings section of the Web.config file for an application named MyApplication.
aspnet_regiis -pe "connectionStrings" -app "/MyApplication"
The encrypted connectionString will look something like
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>RSA Key
</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>WcFEbDX8VyLfAsVK8g6hZVAG1674ZFc1kWH0BoazgOwdBfinhcAmQmnIn0oHtZ5tO2EXGl+dyh10giEmO9NemH4YZk+iMIln+ItcEay9CGWMXSen9UQLpcQHQqMJErZiPK4qPZaRWwqckLqriCl9X8x9OE7jKIsO2Ibapwj+1Jo=
</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>
</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
You can see this article for more information.
I created a web app. Now I want to encrypt the Web.config of my application.
I've tried the CMD method and it did work. But I want to make it auto-encrypted after installation. Can anyone help me?
You don't need to encrypt the whole web.config file. If you only keep the connection string variable in web.config, you can encrypt only that.
You can use the following command to encrypt connectionStrings.
aspnet_regiis -pe "connectionStrings" -app "/SampleApplication"
After processing, your web.config file looks like the following example.
<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>RSA Key
</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>WcFEbDX8VyLfAsVK8g6hZVAG1674ZFc1kWH0BoazgOwdBfinhcAmQmnIn0oHtZ5tO2EXGl+dyh10giEmO9NemH4YZk+iMIln+ItcEay9CGWMXSen9UQLpcQHQqMJErZiPK4qPZaRWwqckLqriCl9X8x9OE7jKIsO2Ibapwj+1Jo=
</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>
</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
I need to encrypt part of our web.config for our ASP.Net 4.0 project, but we are required to use AES and the default appears to be Triple DES. How can I tell it to use AES encryption instead?
In the command prompt I do the following commands:
aspnet_regiis -pc "NetFrameworkConfigurationKey" -exp
aspnet_regiis -pe "connectionStrings" -app "/<myapp>"
I figure I set the encryption method to AES by selecting the appropriate CSP (-csp) but I haven't been able to find or figure out the name of the right one.
And one of the lines in the encrypted web.config is:
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
The provider is selected using the -prov parameter to aspnet_regiis. The providers are registered in the web/machine.config using the configProtectedData section. In order to register AES you would use something like this:
<configProtectedData>
<providers>
<add name="AesProvider"
type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider"
description="Uses an AES session key to encrypt and decrypt"
keyContainerName="iisConfigurationKey" cspProviderName=""
useOAEP="false" useMachineContainer="true"
sessionKey="aSessionKeyGoesHere" />
</providers>
</configProtectedData>
On my machine RSA and DPAPI are the preconfigured algorithms in machine.config.
Provided that the AES provider is registered you should be able to encrypt a config section using:
aspnet_regiis -pe "connectionStrings" -app "/<myapp>" -prov "AesProvider"
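An added example, not part of the original answers: a Python audit that reads a web.config and lists each section carrying configProtectionProvider with the EncryptionMethod algorithm URIs it declares (labelling the tripledes-cbc and rsa-1_5 values shown in the snippets above), and reports unprotected sections whose entries still hold a password. The function name, the `LEGACY` labels and the sample config are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Algorithm URIs that appear in the encrypted sections quoted on this page
LEGACY = {XENC + "tripledes-cbc": "3DES-CBC data encryption",
          XENC + "rsa-1_5": "RSA PKCS#1 v1.5 key wrap"}
SECRET = re.compile(r"\b(password|pwd)\s*=", re.I)

def audit(config_xml):
    """Return (protected, plaintext): crypto details per protected section,
    and paths of unprotected sections whose <add> entries hold a password."""
    protected, plaintext = [], []
    def walk(node, path):
        for child in node:
            here = path + [child.tag.rsplit("}", 1)[-1]]  # strip XML namespace
            provider = child.get("configProtectionProvider")
            if provider is None:
                values = (child.get("connectionString"), child.get("value"))
                section = "/".join(path)
                if section not in plaintext and any(
                        v and SECRET.search(v) for v in values):
                    plaintext.append(section)
                walk(child, here)
                continue
            # Document order: data cipher first, then the key-wrap method
            algs = [m.get("Algorithm")
                    for m in child.iter("{%s}EncryptionMethod" % XENC)]
            protected.append({"section": "/".join(here), "provider": provider,
                              "algorithms": algs,
                              "legacy": [LEGACY[a] for a in algs if a in LEGACY]})
    walk(ET.fromstring(config_xml), [])
    return protected, plaintext

# Constructed sample: placeholder CipherValue and made-up credentials
SAMPLE = """<configuration>
<appSettings><add key="ConnectionString" value="Server=db;uid=u;pwd=example"/></appSettings>
<system.web><identity configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
</EncryptedKey></KeyInfo>
<CipherData><CipherValue>AAAA</CipherValue></CipherData>
</EncryptedData></identity></system.web>
</configuration>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run over the configs in a deployment share or build output, the `legacy` list shows at a glance which sections were encrypted with the default provider settings rather than an AES-based one.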