Develop Reference

Can we encrypt external appSettings and connectionStrings in web.config?

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings configSource="appSettings.config"/>
<connectionStrings configSource="connections.config"/>
<system.web>
<compilation debug="true" />
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
</configuration>
Above web.config is used in MVC Web Application.
I tried to encrypt using RsaProtectedConfigurationProvider with aspnet_regiis. But it's not working as expected in simple Web.config where appSettings and connectionStrings present at the same file.
I am using the command to encrypt web.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis -pef "connectionStrings" "D:\WebApplication" -prov "AppEncryptionProvider".
C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis -pef "appSettings" "D:\WebApplication" -prov "AppEncryptionProvider".
but while using this in a web application it gives me the error as below: Failed to decrypt using provider 'AppEncryptionProvider'. Error message from the provider: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
Line 1: <appSettings configProtectionProvider="AppEncryptionProvider">
Line 2: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
Line 3: xmlns="http://www.w3.org/2001/04/xmlenc#">
Line 4: <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />

Yes. You can do this with the below command by passing provider and your site name.
aspnet_regiis -pe "appSettings" -prov "{0}" -site {1} -app "/"
Where:
{0} is the name of your encryption provider specified in the web.config.
{1} is the Id of your site in IIS
Similar Question:
Encrypting AppSettings in file external to Web.Config

TFS variables for connection string

I have continous integration in tfs project. I want to replace connection string to my production db on release, but all the information on the web is confusing. I created parameters.xml with this:
<?xml version="1.0" encoding="utf-8" ?>
<parameters>
<parameter name="connectionString" description="connectionString" defaultvalue="(localdb)\MSSQLLocalDB;InitialCatalog=BlogsPostsLocalDb;Integrated Security=true;" tags="">
<parameterentry kind="XmlFile" scope="\\web.config$" match="What to write here?" />
</parameter>
</parameters>
In TFS, in my App Deploy task I can see SetParameters File option, so I suspect that I have to use that, but I don't understand how to tell it which parameter in Web.config belongs to the parameter in parameters.xml.
In my Web.config I need to replace static path with the one in parameters.xml. My Web.config:
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework">
<parameters>
<parameter value="Data Source=(localdb)\MSSQLLocalDB;InitialCatalog=BlogsPostsLocalDb;Integrated Security=true;" />
</parameters>
</defaultConnectionFactory>
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
</providers>
</entityFramework>
EDIT:
I used a tool to create parameters.xml which now looks like this:
<parameters>
<parameter name="ConnectionString" description="Description for ConnectionString" defaultvalue="__CONNECTIONSTRING__" tags="">
<parameterentry kind="XmlFile" scope="\\web.config$" match="/configuration/appSettings/add[#key='ConnectionString']/#value" />
</parameter>
</parameters>
My web.config:
<appSettings>
<add key="ConnectionString" value="Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=BlogsPostsTestDb;Integrated Security=True" />
</appSettings>
And in my context I do this:
public BlogsPostsContext() : base(WebConfigurationManager.AppSettings["ConnectionString"]) { }
In TFS I set variable for relase
Name | Value
ConnectionString | Data Source=WIN-7ADV5BGRBE3\SQLEXPRESS;Initial Catalog=BlogsPostsDb;Integrated Security=True
Unfortunately when I do a release and look inside web.config on my server I can only see <add key="ConnectionString" value="__CONNECTIONSTRING__" />
And the parameters.xml:
<parameters>
<parameter name="ConnectionString" description="Description for ConnectionString" defaultvalue="__CONNECTIONSTRING__" tags="">
<parameterentry kind="XmlFile" scope="\\web.config$" match="/configuration/appSettings/add[#key='ConnectionString']/#value" />
</parameter>
</parameters>
MsBuild Arguments:
/p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:PackageLocation="$(build.artifactstagingdirectory)\\"

A [project name].SetParameters.xml file is generated when you build a web application project.
This provides a set of parameter values to the MSDeploy.exe command.
You can update the values in this file and pass it to Web Deploy as a
command-line parameter when you deploy your web package.
Since SetParameters.xml file is dynamically generated from your web application project file and any configuration files within your project.
You could also parameterize additional settings by adding a parameters.xml file to your project. Below entry uses an XML Path Language (XPath) query to locate and parameterize the endpoint URL of the ContactService Windows Communication Foundation (WCF) service in the web.config file.
<parameters>
<parameter name="ContactService Service Endpoint Address"
description="Specify the endpoint URL for the ContactService WCF
service in the destination environment"
defaultValue="http://localhost/ContactManagerService">
<parameterEntry kind="XmlFile" scope="Web.config"
match="/configuration/system.serviceModel/client
/endpoint[#name='BasicHttpBinding_IContactService']
/#address" />
</parameter>
</parameters>
The WPP also adds a corresponding entry to the SetParameters.xml file that gets generated alongside the deployment package.
<parameters>
...
<setParameter
name="ContactService Service Endpoint Address"
value="http://localhost/ContactManagerService" />
...
</parameters>
For how to tell it which parameter in Web.config belongs to the parameter in parameters.xml, you need to use match entry to do this. More detail info please refer this tutorial: Configuring Parameters for Web Package Deployment

I had a similar problem, I am using ASP.Net and IIS application in visual studio i created a configuration for example Test for any cpu then i publish a IIS file called test.pubxml (right click on project click publish), That file will contain the connection string from your web.config file , Then you right-click on the file you have created (test.pubxml) and select add web-transform file add the following iy you want to transform the connection string.
<connectionStrings>
<add name="test" connectionString="Data Source=(localdb)\MSSQLLocalDB;InitialCatalog=BlogsPostsLocalDb;Integrated Security=true;" xdt:Transform="SetAttributes(connectionString)" xdt:Locator="Match(name)" />
</connectionStrings>
Now you have a file that will do the exact same things as parameters.xml file.
In your build defition add the following to ms arguments
/p:DeployOnBuild=true;PublishProfile=test.pubxml;Configuration=Test;
That will build a .zip package,
In your Release Definition
In your deploy step, Add the following to your Web Deploy Parameter File input
Path/Path/test.SetParameters.xml
That Will deploy the website with transformed connection string.
I know its a lot but you can follow this blog its really helpfull Colin

Following articles about parameters.xml mislead me. It turns out that all I had to do to make it work was to follow instructions inside Web.Release.Config.
This is what I added inside Web.config:
<connectionStrings>
<add name="BlogsPostsDb"
providerName="System.Data.SqlClient"
connectionString="Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=BlogsPostsTestDb;Integrated Security=True"/>
</connectionStrings>
And this is what I added inside Web.Release.Config:
<connectionStrings>
<add name="BlogsPostsDb"
connectionString="Data Source=myServerInstance;Initial Catalog=BlogsPostsDb;User ID=*********;Password=******;"
xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
</connectionStrings>
Now it makes sense. As long as the names match in both configs, they will be replaced. I also had to tell my context which connection string I want to use:
public BlogsPostsContext() : base("BlogsPostsDb") { }

How to decrypt identity section in web config?

I have the following encrypted identity tag in my web config file-:
<identity configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>iafzB3KzsJNARz+5zffLyV2Rzuu/UjLdFr3D8jHfJHKGC6u3jlFB8f/FeveEsQqNP981rbFafKlXXdyG/DGMMkowWbnkQVYaffIUDkvk19jIntsFqufWYJWOO95CceKjjZPeNHh8FCadp1et5Th/mCUtz8xsQ9s8e92t64J8jlg=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>MWlwJley/C3TbezWLE+wPHo22L1Tog6xCTm999SoWkUzvIz+FdrVgBw3+x5GexO7BNG6KycamWqSdCl+1pD4a/rWfYbY26We5AgrPh20kTN7WKf9noFmCg==</CipherValue>
</CipherData>
</EncryptedData>
</identity>
I want to know that what keyword should i use in this command prompt to decrypt identity section in web config?
currently i am using this-:
C:\Windows\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -pdf identity C
:\inetpub\vhosts\kimpolling.nl\httpdocs
But it is not working.

You can decrypt the encrypted Web.config file contents, if you want to, by running aspnet_regiis.exe with the -pdoption. The syntax is the same as the syntax for encrypting Web.config file contents with the -pe option, except that you do not specify a Protected Configuration provider.
Example:
aspnet_regiis -pd "connectionStrings" -app "/MyApplication"
The above will decrypt the connectionStrings.
Reference

.NET connection to SQL DB encrypted in webconfig

We are developing an application with .NET and we are connecting to an SQL 2008 db on a windows server. Up until now we have been a small team which meant that the following code was acceptable:
<add key="ConnectionString" value="Server=00.000.000.00;uid=myUsername;pwd=myPassword;Database=myDatabase" />
This is then called when I want to connect to the database.
Our team is expanding and the new developers should not have access to the database credentials. They will have access to the application code and they have to connect to the database which is on a non-local server whilst running in debug mode locally.
What is the best (and fastest) solution to allow them to connect to the database without having credentials which will allow them to open the database and view the tables?

The quickest and easiest solution would be to encrypt the ConnectionString in your config file. It's pretty simply to do as well.
Open CMD change the directory to the .NET Framework version (your prefered version) directory by typing the following command:
cd \WINDOWS\Microsoft.Net\Framework\yourversion
At the command prompt, run aspnet_regiis.exe with the following options:
The -pe option and the string "connectionStrings" to encrypt the connectionStrings element of the Web.config file for your application.
The -app option and the name of your application.
For example, the following command encrypts the section of the Web.config file for an application named MyApplication.
aspnet_regiis -pe "connectionStrings" -app "/MyApplication"
The encrypted connectionString will look something like
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>RSA Key
</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>WcFEbDX8VyLfAsVK8g6hZVAG1674ZFc1kWH0BoazgOwdBfinhcAmQmnIn0oHtZ5tO2EXGl+dyh10giEmO9NemH4YZk+iMIln+ItcEay9CGWMXSen9UQLpcQHQqMJErZiPK4qPZaRWwqckLqriCl9X8x9OE7jKIsO2Ibapwj+1Jo=
</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>OpWQgQbq2wBZEGYAeV8WF82yz6q5WNFIj3rcuQ8gT0MP97aO9SHIZWwNggSEi2Ywi4oMaHX9p0NaJXG76aoMR9L/WasAxEwzQz3fexFgFSrGPful/5txSPTAGcqUb1PEBVlB9CA71UXIGVCPTiwF7zYDu8sSHhWa0fNXqVHHdLQYy1DfhXS3cO61vW5e/KYmKOGA4mjqT0VZaXgb9tVeGBDhjPh5ZlrLMNfYSozeJ+m2Lsm7hnF6VvFm3fFMXa6+h0JTHeCXBdmzg/vQb0u3oejSGzB4ly+V9O0T4Yxkwn9KVDW58PHOeRT2//3iZfJfWV2NZ4e6vj4Byjf81o3JVNgRjmm9hr9blVbbT3Q8/j5zJ+TElCn6zPHvnuB70iG2KPJXqAj2GBzBk6cHq+WNebOQNWIb7dTPumuZK0yW1XDZ5gkfBuqgn8hmosTE7mCvieP9rgATf6qgLgdA6zYyVV6WDjo1qbCV807lczxa3bF5KzKaVUSq5FS1SpdZKAE6/kkr0Ps++CE=
</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
You can this article for more information

Oracle.ManagedDataAccess: TNS:could not resolve the connect identifier specified

I'm getting the following error while trying to connect to an Oracle database from a new ASP.NET MVC 4 application: "ORA-12154: TNS:could not resolve the connect identifier specified". I'm using the Oracle.ManagedDataAccess DLL (version 4.121.1.0) to try to connect to an Oracle 10g database. Here's the thing - I have an integration test assembly that is successfully connecting to the database using this minimal App.config:
<connectionStrings>
<add name="OracleConnection" connectionString="DATA SOURCE=TNS_NAME;PASSWORD=xxx;PERSIST SECURITY INFO=True;USER ID=xxx" providerName="Oracle.ManagedDataAccess.Client" />
</connectionStrings>
However, if I try to run my web app with all the crazy Web.config settings, I'm getting the error "ORA-12154: TNS:could not resolve the connect identifier specified". What am I doing wrong? Why is my config for the integration test assembly so simple and the Web.config so complex? Here's the pertinent sections of my Web.config (taken from Deploying and Configuring ODP.NET to work without installation with Entity Framework):
custom configSection:
<configSections>
<section name="oracle.manageddataaccess.client"
type="OracleInternal.Common.ODPMSectionHandler, Oracle.ManagedDataAccess, Version=4.121.1.0, Culture=neutral, PublicKeyToken=89b483f429c47342" />
</configSections>
the corresponding config section:
<oracle.manageddataaccess.client>
<version number="*">
<edmMappings>
<edmMapping dataType="number">
<add name="bool" precision="1"/>
<add name="byte" precision="2" />
<add name="int16" precision="5" />
</edmMapping>
</edmMappings>
</version>
</oracle.manageddataaccess.client>
custom system.data node:
<system.data>
<DbProviderFactories>
Remove in case this is already defined in machine.config
<remove invariant="Oracle.DataAccess.Client" />
<remove invariant="Oracle.ManagedDataAccess.Client" />
<add name="ODP.NET, Managed Driver" invariant="Oracle.ManagedDataAccess.Client"
description="Oracle Data Provider for .NET, Managed Driver"
type="Oracle.ManagedDataAccess.Client.OracleClientFactory, Oracle.ManagedDataAccess, Version=4.121.1.0, Culture=neutral, PublicKeyToken=89b483f429c47342" />
</DbProviderFactories>
</system.data>
EntityFramework node:
<entityFramework>
<defaultConnectionFactory type="Victoria.Data.OracleConnectionFactory, EntityFramework" />
</entityFramework>
Update 1: After reading through http://docs.oracle.com/cd/E16655_01/win.121/e17732/featConfig.htm#ODPNT8161, I tried modifying my Web.config oracle.manageddataaccess.client to the following and it works. However, it doesn't seem right to have the connectionString node referencing the TNS name AND this extra reference to the same TNS Names file.
<oracle.manageddataaccess.client>
<version number="*">
<dataSources>
<dataSource alias="SIEBMATS" descriptor="(DESCRIPTION=(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = xxx.yyy.zzz)(PORT = 1521)))(CONNECT_DATA =(SERVICE_NAME = siebmats)))" />
</dataSources>
<edmMappings>
<edmMapping dataType="number">
<add name="bool" precision="1"/>
<add name="byte" precision="2" />
<add name="int16" precision="5" />
</edmMapping>
</edmMappings>
</version>
</oracle.manageddataaccess.client>

One thing you can try is having the connection string like so:
connectionString="Data Source=//SERVER:PORT/INSTANCE_NAME;USER=XXX;PASSWORD=XXX".
Useful references here:
http://www.connectionstrings.com/oracle/
http://docs.oracle.com/cd/E51173_01/win.122/e17732/featConnecting.htm#ODPNT169
This has also helped me while having problems with EF:
Deploying and Configuring ODP.NET to work without installation with Entity Framework
Hope to have helped.

My problem was in incorrect/incomplete Oracle Driver version, had 11.2.0 installed. I add another 12.2.0 version, didn't change anything in web.config and it worked as charm

I suggest to try the solution proposed by #kolbasov in another thread but about the same problem: https://stackoverflow.com/a/20050462/9390179
It worked for me:
<oracle.manageddataaccess.client>
<version number="*">
<settings>
<setting name="TNS_ADMIN" value="C:\Oracle\product\11.1.0\client_1\network\admin" />
</settings>
</version>
</oracle.manageddataaccess.client>