I need to encrypt my web.config file on my dev machine (Windows XP SP-3) and export the RSA Key to my QA machine (Windows Server 2003). I used the following command to encrypt my file.
aspnet_regiis -pe "appSettings" -app "/VirtualDirectoryName" -prov "RsaProtectedConfigurationProvider"
and then i added the following section in my web.config file
<configProtectedData>
Then i created the RSA container with the name "SampleKeys"
Web.Config was encrypted nicely and i was able to use this file on my dev machine. I however had to turn on "Impersonation" and used my windows userName and password.
I need to export my RSA Key to QA server, so that i can use my the encrypted config file.
So i'm trying to export the RSA key and its failing. I don't understand the reason, as i'm following all the steps that are mentioned in the following link;
link text
When i try to export the RSA container, i get the error saying that the "RSA container was not found." But when i try to create the RSA container again with the same name, i get the error stating "The RSA container already exists".
even the following command executed successfully.
aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"
I however could not execute the following command;
aspnet_regiis -pa "SampleKeys" "NT AUTHORITY\NETWORK SERVICE"
I got the same error saying that "RSA container was not found."
I also gave read access to ASPNET user on "C:\Document and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKey" folder.
but nothing worked.
Am i missing something?
Found the answer! You always need to reference the "SampleKeys"-exp once you create a key for exporting.
aspnet_regiis -pa "SampleKeys"-exp "NT AUTHORITY\NETWORK SERVICE"
Be sure to open the command window as an administrator. And try again.
Also, in this thread:
http://forums.asp.net/t/960412.aspx/1?RSA+Key+container+was+not+found+ERROR
a default container was created using this command:
aspnet_regiis -pc "NetFrameworkConfigurationKey" -exp
Related
I recently converted a private NuGet repository to require authentication.
To build a project that uses that repository, I added the authentication to the local NuGet.Config with NuGet Sources add -name [repo_name] -Source [source_url] -UserName [username] -Password [password].
I now get the following error when I try running dotnet restore:
Password decryption is not supported on .NET Core for this platform. The following feed uses an encrypted password: 'nuget-sdet'. You can use a clear text password as a workaround.
I know that this isn't supported on linux, but I'm running this on Windows Server 2012 R2.
This is running on a very old version of .NET Core: 1.0.0-preview2-003121.
Is password decryption supported on Windows for newer versions of .NET Core?
Or am I stuck between either storing the password in clear text or re-enabling anonymous access to the feed?
In non windows OS you should add the suffix of --store-password-in-clear-text
to your add command.
As specified in the dotnet nuget add source article here
--store-password-in-clear-text
Enables storing portable package source credentials by disabling password encryption.
I have just came across to this issue on VS for Mac. Answers here are not really enlightening and microsoft documentation is unclear. The name --store-password-in-clear-text sounds like you have to store your repository password. Actually you can simply use an access token instead of your username.
For example on Azure Devops, you go to right-upper corner your account icon as in the image and select "Personal access tokens"
Then create a new access token by giving the permission Packing read
Copy your newly created access token use the command below using from the VS menu Tools->SDK Command Prompt
dotnet nuget add source https://myfeed/nuget/v3/index.json -n myFeed
-u usernamenotimportant -p yourtokencomeshere --store-password-in-clear-text
This command will update your nuget.config file which is found on the path ~/.nuget/Nuget/Nuget.config this path is important because this is the Nuget.Config file used and displayed by Nuget package manager in VS4Mac.
As mentioned here on the MS docu, other path there is the 2nd Nuget.Config ~/.config/NuGet/NuGet.Config that is not displayed by the Package Manager, i think that it is still used by MsBuild but not displayed. it will probably still work but can cause confusion as the Package Manager doesn't show your nuget source and your private packages.
Last point is, dont use Nuget CLI to add the source which is similar command like below
nuget add source https://myfeed/nuget/v3/index.json -name myFeed
-username usernamenotimportant -password yourtokencomeshere -StorePasswordInClearText
This command is updating the other Nuget.Config on the .config folder that wont be displayed by the VS for Mac.
So at the end only your Token is stored like below
<packageSourceCredentials>
<myFeed>
<add key="Username" value="myusername" />
<add key="ClearTextPassword" value="mytokencomeshere" />
</myFeed>
</packageSourceCredentials>
how to properly sign an .exe with a pfx certificate installed on machine.
I have a pfx certificate by the name "Services installed. I tried signing the exe with this command.
.\sn.exe -Rc "%Directory%\File.exe" "Services" >> "%LogPath%"
It gave no errors. But when I ran this exe file, it started throwing error for the internal project dll(ExtraFile.dll), which is referenced inside File.exe project.
This dll I am already signing before signing the File.exe file. So the signing steps are as follow.
.\sn.exe -Rc "%Directory%\ExtraFile.dll" "Services" >> "%LogPath%"
.\sn.exe -Rc "%Directory%\File.exe" "Services" >> "%LogPath%"
Please note that ExtraFile.dll is referenced under File.exe project.
Creating a cryptographic key pair using the Strong Name tool (Sn.exe) and assigning that key pair to the assembly using either a command-line compiler or the Assembly Linker (Al.exe). The Windows SDK provides both Sn.exe and Al.exe.
I've got a Windows Docker container (microsoft/aspnet) that is hosting a simple Web API. The web API accepts files from a form, saves them in a temp folder, does some processing, and then returns the result.
This works fine when deployed locally, but when done in my Docker container, I get a file permissions error on my temp folder (App_Data).
Is there a way to grant the IIS user the code is running as access to this file, or to open up the folder to any user for read/write access?
Current Docker file is below:
FROM microsoft/aspnet
COPY ./Deploy/ /inetpub/wwwroot
RUN mkdir /inetpub/wwwroot/App_Data
Error message snippet I get running API from docker image:
"InnerException":{"Message":"An error has occurred.","ExceptionMessage":"Access to the path 'C:\\inetpub\\wwwroot\\App_Data\\BodyPart_481b6424-f9a5-4608-894d-406145a48445' is denied.","ExceptionType":"System.UnauthorizedAccessException"
It looks like there is a bug open on the aspnet-docker github about this same issue. [link]
In the meantime, it looks like running cacls App_Data /G IIS_IUSRS:F after starting the container fixes the issue temporarily.
Unclear why, but cacls doesn't seem to be working when run as part of building the container. Switched to using icacls, and was able to grant the IIS_USRS permissions on the folder.
Line added to dockerfile:
RUN icacls 'C:\inetpub\wwwroot\App_Data' /grant 'IIS_IUSRS:(F)'
I can't comment as I don't have enough reputation, but if the answer by #Darendal doesn't work (which it did not for me), then try this syntax
RUN icacls C:\inetpub\wwwroot\App_Data /grant "BUILTIN\IIS_IUSRS:(OI)(CI)F" /t
My dockerfile did not accepted any of the other answers. Below is one more alernative.
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8
SHELL ["powershell"]
RUN & ICACLS "'C:\inetpub\wwwroot\App_Data' /grant 'IIS APPPOOL\DefaultAppPool:(OI)(CI)F' /T"
I am trying to encrypt some sections of the web.config file of one of my applications by using RSA encryption at user level.
So I followed all the steps listed in here and I succesfully created the provider and granted access to my application. However, I have some problems in specifying the virtual path for my application.
I run IIS 7.5 in a Windows Server 2008 R2. My application is called www.testsite.com and its ID is 4.
The aspnet_regiis tool is placed in the Windows\Microsoft.NET\Framework\[version] folder:
Therefore in order to encrypt the connectionStrings section I run the command:
aspnet_regiis -pe connectionStrings -app "[Application Path]" -prov "myRSAProvider"
I tried as [Application Path], the followings:
/W3SVC/4
/W3SVC/4/root
/W3SVC/4/root/www.testsite.com
/www.testsite.com
And I always receive the error
The configuration for virtual path '[Application Path]' and site
'Default Web Site' cannot be opened.
Failed to map the path '[Application Path]'. Failed!
I tried to browse many resources on the web but this IIS virtual path specification is not extensively covered. In IIS6 I could get it by running aspet_regiis -lk but this command does not work anymore in IIS 7.5. May somebody help?
You may be having two issues.
At the end of your command statement specify your site with the command -site "4" Also note that instead of the #4 you could write in your site name instead. e.g. -site "www.testsite.com"
aspnet_regiis -pe connectionStrings -app "[Application Path]" -prov "myRSAProvider" -site "4"
It is also very important that you run the command prompt as Administrator.
I had the same error you had running IIS 7.5 in a Windows Server 2008 R2 and this is what helped me.
I am having too much trouble with this IIS.
First it was giving me an error Virtual directory denied.
I realized there was no default.aspx in the documents tab.. (it has default.asp, default.htm, iistart, index.htm). Checked that liitle box enable default documents
Now it says Failed to access IIS metabase
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.Hosting.HostingEnvironmentException: Failed to access IIS metabase
This is the first time working on IIS.. So I need ur hints and fixes
Thanks
SC
You need to install the .net framework on you system
Open visual studio command prompt and type this command
aspnet_regiis -ga <UserName>
if this doesn'twork than use this command
aspnet_regiis -i
alternatively you can copy and paste this command into windows command prompt
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
this will fix your problem