WCF Encrypting Connection Strings with aspnet_regiis - asp.net

I have a WCF Service talking to a web application. In the web.config files I want to encrypt the connection string section.
I'm using
aspnet_regiis -pe "connectionStrings" -app "/WebAppFolder"
for the web application's web.config and this works fine.
But when I do the same for the WCF service I get an internal server error when I try and connect to it via the web app.

The problem was I needed to give my machine access to the configuration key
aspnet_regiis -pa "NetFrameworkConfigurationKey" "MYMACHINE\ASPNET"

Related

How can I transfer encrypted web.config settings

I ran the following command to encrypt credentials in web.config on my dev machine, tested the code, and it worked fine. However, when I published to the web server it failed, as apparently the encryption is specific to the machine.
I then tried to run the same command on the unencrypted web.config on my web server and it completed successfully, however the same symptoms are still present within the website, where it cannot find the credentials. What am I doing wrong? What is the proper process for encrypting a web.config section and then publishing to another machine?
aspnet_regiis.exe -pef "secureAppSettings" "C:\Users\project" -prov "DataProtectionConfigurationProvider"

How to encrypt web.config and use it in Asp.net mvc5 project?

I want to know how to encrypt web.config in an ASP.NET project, and how to decrypt it. Can ASP.NET decrypt it at run time, or does some process have to be run to decrypt the file when launching the website?
For example, for an ASP.NET MVC project:
You already have the .NET Framework on the system where you are hosting IIS, and the credentials in your web.config are correct, I believe.
1- open CMD as administrator
2- type "cd C:\Windows\Microsoft.NET\Framework\v4.0.30319" and enter
3- now you need to know the web.config location, example: "C:\inetpub\wwwroot\test"
now for encrypting and decrypting:
4- on CMD
for encrypting :
ASPNET_REGIIS -pef "connectionStrings" "C:\inetpub\wwwroot\test"
for decrypting:
ASPNET_REGIIS -pdf "connectionStrings" "C:\inetpub\wwwroot\test"
Check your site and let me know if you face any issues.

How do I encrypt web.config connection strings during deployment from the command line, specifying the encryption provider?

I know I can do this to encrypt connection strings in a web site that is already deployed:
aspnet_regiis -pe connectionStrings
I can also encrypt connection strings in a web site before it is deployed by doing this:
aspnet_regiis -pef connectionStrings .\WebApplication1
I also know how to make my own RSA key, install it on several computers, and set up an encryption provider for that key, so I can encrypt it on one machine and publish it on another:
aspnet_regiis -pef connectionStrings .\WebApplication1 -prov MyProvider
I can even tell MSBuild to encrypt the connection strings for me during deployment by adding a line to the .pubxml file (https://msdn.microsoft.com/en-us/library/ee942158%28v=vs.110%29.aspx#encrypt_webconfig).
But what I really need to do is this:
create the web site source code and save it in source control with the connection strings decrypted;
build the web site, transforming the web.config file with web.debug.config or web.release.config;
encrypt the connection strings in the transformed web.config using my custom encryption provider;
and then publish it
all from an automated process. Note: I can't encrypt the connection strings first and then build the web site, because I have to transform the web.config file before encrypting it. I don't want to publish the web site first and then encrypt the connection strings, because I don't want the decrypted connection strings to be on the web server even for a brief time. I want to encrypt the connection strings during the deploy process, but with my own encryption provider. How can I do that? It's got to be possible. Any combination of msbuild commands, msdeploy commands, and .pubxml file settings would be acceptable.
I've tried searching for how to do this -- I really have -- but I can't find a comprehensive reference for msbuild.exe / msdeploy.exe / *.pubxml ANYWHERE. (That's a separate question.)
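A pre-publish check for the pipeline this question describes, which also catches the machine-bound DataProtectionConfigurationProvider case from the earlier question. This is an added example, not code from any poster or from Microsoft. The function names, the sample file and the policy that only RSA-protected sections may ship are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a transformed web.config: one section protected by a custom
# RSA provider, one by DPAPI, one left in plaintext. Cipher values are placeholders.
SAMPLE_WEB_CONFIG = """<configuration>
  <configProtectedData><providers>
    <add name="MyRSAProvider" keyContainerName="MyKeyStore" useMachineContainer="true"
         type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration" />
  </providers></configProtectedData>
  <connectionStrings configProtectionProvider="MyRSAProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <secureAppSettings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>CONSTRUCTED</CipherValue></CipherData></EncryptedData>
  </secureAppSettings>
  <appSettings><add key="ApiPassword" value="constructed-plaintext" /></appSettings>
</configuration>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop a '{namespace}' prefix if present

def audit(xml_text, sections):
    """Map each section to 'missing', 'plaintext', 'dpapi', 'rsa:<container>' or 'other:<name>'."""
    top = {local(c.tag): c for c in ET.fromstring(xml_text)}
    declared = {}  # providers declared in this file: name -> (type, key container)
    for el in top.get("configProtectedData", ET.Element("x")).iter("add"):
        declared[el.get("name")] = (el.get("type", ""), el.get("keyContainerName"))
    report = {}
    for name in sections:
        node = top.get(name)
        provider = None if node is None else node.get("configProtectionProvider")
        if node is None:
            report[name] = "missing"
        elif not provider or not any(local(c.tag) == "EncryptedData" for c in node):
            report[name] = "plaintext"
        else:
            # Built-in providers are not declared in web.config; the built-in RSA
            # provider uses the NetFrameworkConfigurationKey container.
            ptype, container = declared.get(provider, (provider, None))
            if "RsaProtectedConfigurationProvider" in ptype:
                report[name] = "rsa:" + (container or "NetFrameworkConfigurationKey")
            elif "DataProtectionConfigurationProvider" in ptype:
                report[name] = "dpapi"
            else:
                report[name] = "other:" + provider
    return report

def publish_blockers(report):  # assumed policy: plaintext and build-machine DPAPI must not ship
    return sorted(n for n, s in report.items() if s in ("plaintext", "dpapi"))
```

Run `audit` on the transformed and encrypted web.config as the last step before packaging, and fail the build if `publish_blockers` returns anything. The reported container name is the one that has to exist on the target server, with access granted via `aspnet_regiis -pa`.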

ASP.NET connection string encryption

The answers I found to this issue didn't seem to work. This is a difficult item to find information about on MSDN and in general.
I am using Windows Server 2003, IIS 6, Dot.Net 3.5 and Visual Studio 2008.
I need to know how to encrypt a connection string for an Asp.Net web application.
Below is my solution to this for Windows Server 2003 and IIS 6 and .Net 3.5 and Visual Studio 2008. Since the encryption is machine-specific, it HAS to be run on the web server.
Encryption Command (change PROJECT_NAME to your web app folder name):
c:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" "C:\inetpub\wwwroot\PROJECT_NAME"
The second command gives the ASPNET account access to the NetFrameworkConfigurationKey in machine.config.
c:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"
The third command gives the NT Authority\Network Service account access to the NetFrameworkConfigurationKey.
c:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"
I hope this helps someone.

Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider

Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists.
I followed the guide at http://msdn.microsoft.com/en-us/library/2w117ede.aspx, but in step 3 of "To grant the ASP.NET identity access to the RSA key container", it says that my identity is my workgroup\username. I do not have impersonation in my web.config file, though.
I am encrypting web.config on my machine using aspnet_regiis, then using Visual Studio to debug, and then it came up with this error.
For using RsaProtectedConfigurationProvider you need to launch your Command prompt or Visual Studio as an Administrator.
For DataProtectionConfigurationProvider it is not required to run under Admin rights.
You can create your own provider using RsaProtectedConfigurationProvider to encrypt your web.xml without administrator privileges.
Create a key store:
aspnet_regiis -pc "MyKeyStore" -exp
Grant read access for any user:
aspnet_regiis -pa "MyKeyStore" "Domain/User"
Put a provider section in your web.config
<configProtectedData>
  <providers>
    <add name="MyRSAProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" keyContainerName="MyKeyStore" useMachineContainer="true" />
  </providers>
</configProtectedData>
Encrypt your config sections:
aspnet_regiis -pef "configSection" "c:\pathToWebConf" -prov "MyRSAProvider"
Sources:
Create RSA key container and provider
Encrypt configuration
This happened on one of my servers while trying to move web apps from the C drive to another drive.
Because I had encrypted the web.config section on drive C and moved it to another drive, it jammed up the provider causing it to fail to encrypt the section because it believes it already exists.
I'm still trying to fix it.
