Configuration :: Theoritical Problem When Encryptin Machinekey
Mar 6, 2010
I encrypt my machinekey with aspnet_regiis The problem is on this lines on web.config.
[Code]....
on the first line The 'configProtectionProvider' attribute is not declared on the second line The element 'machinekey' cannot contain child element 'http://www.w3.org/2001/04/xmlenc#Element:Encrypteddata' because the parent element content model is empty.I've read that it has something to do with intellisence and the application will work ok.
I had "Invalid viewstate" error in my application; I found out it's caused by worker process recycling, so I generated a <machinekey> section with explicit validationkey. refer to this link,[URL] My quesitons are 1. I have the application installed on dev, qa, stg and prd servers. Should I use the machinekey with the same(or different) validationkey for all the servers? I think it shouldn't be matter because the servers are independent from each other.
2. Where should I put the <machinekey> section, machine.config or individual application level's web.config? There are multiple applications on the server.
If I put it at the application level, does that mean other applications still may have the same "Invalid viewstate" error?
If I put it at the application level, should I add the <machinekey> section for all the other applications using the same validationkey?
I have some data I want to encrypt in an ASP.NET MVC application to prevent users from tampering with it. I can use the Cryptography classes to do the actual encryption/decryption, no problem there. The main problem is figuring out where to store the encryption key and managing changes to it.
Since ASP.NET already maintains a machineKey for various things (ViewData encryption, etc), I was wondering if there were any ASP.NET functions which let me encrypt/decrypt my own data using the machineKey? This way I would not have to devise my own key management system.
I'm trying to implement a SessionState server to allow multiple web servers to share the same state. At first this will be the different dev machines, and later it'll be the different web servers in the web farm.
So far, I'm making good progress I think, but one of the requirements has me confused. In order to implement this, I need to make sure that all web servers are using the same machine key.
This is a sample MachineKey taken from my local dev machine:
[Code]....
If we have a Session State Server deployed locally, do I need to ensure that all other machines using this service (specifically, the other devs working on the same project, and then when we deploy to the web farm) have the exact same entry in their Machine.Config files?
Or do I have to somehow generate a new machine key that can apply to all the machines?
I have a question about the encryption key/keys the standard ASP.NET Membership provider uses for creating the password hashes.Although we haven't deployed this new system we are working on yet, we might switch servers in the future. So I thought it might be a good idea to specify the encryption key/keys in the web.config file to avoid any problems with mismatched hashes if we do switch servers.We use the standard ASP.NET Membership provider ("AspNetSqlMembershipProvider"), passwordFormat is set to "Hashed" and we use Forms authentication.The current web.config file initially did not have any machineKey element. I used the web application and had registered and thus created an account and the hash of my password is stored in one of the aspnet_* tables.Then I created a machineKey element in the web.config file, and specified validationKey, decryptionKey, validation and decryption attributes. I had expected not to be able to log in with my password anymore, but I was surprised that I could still do so with the existence of the new machineKey specifying new encryption keys.So - why can I still log in?Does the AspNetSqlMembershipProvider not use the encryption keys specified in machineKey?
We have a scenario using asp.net Forms Authentication in a web farm and need to setup identical <machinekey /> sections on each servers .config file.
Is it better to store the <machinekey /> section in machine.config rather then web.config? what's the advantages and disadvantages of each approach concerning security?
If its not secure enough, is there any way to encrypt <machinekey /> section like we encrypt our connectionsstring (with DPAPI)? (http://msdn.microsoft.com/en-us/library/ms998280.aspx)
We (out IT partner really) recently changed some DNS for a web farmed site we have so that the two production server have round-robin DNS switching between the two. Prior to this switch we didn't really have problems with WebResource.axd files. Since the switch, when we hit the live public URL, we get an error:
CryptographicException
Padding is invalid and cannot be removed.
When we hit the specific servers themselves, they load fine. I've researched the issue and it seems since they're sharing assets between two servers, we need to have a consistent machineKey in the web.config for each server so they can encrypt and decrypt consistently between the two. My questions are:
Can I generate a machineKey via a tool on the server, or do I need to write code to do this?
Do I just need to add the machineKey to the web.config on each server or do you think I'll need to do anything else to make the two server work together? (Both web.config's currently do not have a machineKey)
I am getting this error on a website. does that mean the server is not competible with asp.net 3.5
Configuration Error Description:An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Excuse me this common error. I´ve found a lot of info in Google but I´ve not found my error. I´m trying to read some data from a custom section in web.config and I don´t know which is my error?
I built my ASP.NET website using vs2008 professional.
Now I have purchased vs2010 professional edition.
I do format my computer and then installed vs2010.
Now I want to deploy my website in vs2010, but it is giving configuration error in <add assemblies...
Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Could not load file or assembly 'System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
We can retrieve configuration sections from web.config in the following two ways: Configuration config = WebConfigurationManager.OpenWebConfiguration("/"); AuthenticationSection authSection = (AuthenticationSection) config.GetSection(@"system.web/authentication");
Web.config is the main settings and configuration file for an ASP.NET web application. The file is an XML document that defines configuration information regarding the web application. The web.config file contains information that control module loading, security configuration, session state configuration, and application language and compilation settings. Web.config files can also contain application specific items such as database connection strings
Example 1:
<!-- This is an example Web.config file -->
[Code]....
In this article, we will see how to read the configuration settings in the web.config using 'JavaScript'.
Step 1: Create a new ASP.NET website. Add a button control to the Default.aspx.
Step 2: Right click the project > Add New Item > Web Configuration File
Add the following sample entry to the appSettings section in the web.config between the <configuration> tag as shown in the example 1:
<add key="var1" value="SomeValue"/>
Step 3: To read these entries using JavaScript, add the following script in the <head> tag of your Default.aspx page as shown below:
<head runat="server"> <title></title> <script type="text/javascript"> function ReadConfigSettings() { var v1 = '<%=ConfigurationManager.AppSettings["var1"].ToString() %>' alert(v1); } </script> </head> Step 4: Call this function on a button click and display the values of the configuration settings
<input type="button" value="Get" onclick="ReadConfigSettings();" /> That's it. Run the application and click the button. The value of the key in the appSettings will be displayed in the alert window. I hope you liked this short article.
We are going develop a web application using asp.net. This applicaton is going to server 50 users per day and 40 users concurrently. As the user count is less, we are planning to have two webservers clustered under a webfarm. We are planning to go for a Sticky Session. Netscaler is the load balancing and reverse proxy we are using at hardware level to route to the same webserver till the end of the client session.
1. Do I need to implement any handler at asp.net level to route the session or to provide browser cookie details of session to NetScaler? If so, what should be implemented in detail. Any sample code will also be helpful.
2. I need to maintain a big chunk of object information in session. Does a webserver can handle it?
3. At the hardware level how ReverseProxy works to navigate it to the same webserver? I want conceptual details of it from a web application end.
I keep getting the all-too-familiar Report Viewer Configuration error, even after double-checking changes in web.config.It worked fine yesterday morning. Then by late afternoon, after I uploaded some site changes, it reverted to throwing the error.Report Viewer Configuration Error The Report Viewer Web Control HTTP Handler has not been registered in the application's web.config file. Add <add verb="*" path="Reserved.ReportViewerWebControl.axd" type = "Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0
Here is my connection string...?? I cannot for the life of me find out where I'm missing a >, or where there is an invalid < .. the debugger directs me here....
I am having serious issue running a MVC web site from IIS 6 especially with Windows authentication mode. I know its very simple but missing some ting between. Succeeded configuring MVC on IIS 6. Now Trying to enable Windows Authentication mode on MVC Web Site, Steps included in my configuration
- enabled windows authentication mode in web.config - Enabled Integrated Windows Authentication on IIS web site under Directory Security. - Given permissions to a Domain group (eg: asiaDomainGrp) [Read, Write] Do i need to add ASP.NET Machine accountIUSR_<machines name> under this?
During the intial loading, I am trying to query Active Directory to get authenticated user's full name to display on default page, this is not success full due to some issue, later I changed to "HttpContext.User.Identity.Name". Now I could able to access Default page from the web server, but real heck is here. For some reason IIS is using NT AUTHORITYANONYMOUS LOGON. [Code].... I have separated two servers as Web server/Database server.
I can't use Asp.net Configuration in visul studio 2008.when I click on Security tab , displayed below error:unable to connect to sqlserver database.please help me to solve this problem.also my server explorer can't connect to my sqlserver.
I am trying to get the .NET Framework Configuration Tool installed on my server. I am running windows server 2008 with .NET 3.5 SP1 and Visual Studio 2008.
I have dowloaded and installed the lastest version of the Windows SDK but the .NET Framework Configuration Tool is still not installed.
I searched the drive on the server for the mscorcfg.msc file and it is not there but the mscorcfg.dll is there.
After the installation of Windows SDK the program manager now shows the Windows SDK v7.1 option with a group of programs under it, but none are the .NET Framework Configuration tool.
Does anyone know how I can get the .NET Framework Configuration tool installed?
Sometimes my website falls and when I check the Event Viewer I see the next error: Event message: A configuration error has occurred. Exception type: ConfigurationErrorsException Exception message: An error occurred creating the configuration section handler for ClientConfig: Item has already been added. Key in dictionary: 'category' Key being added: 'category. But I'm sure it appears only once.
