I would like to encrypt the connectionstrings section in my web.config file using the : ASPNET_REGIIS utility However I'm running Windows 7 pro, that is without any IIS.
Is it possible for me to do it.
The path (on my local pc) to the website containing the web.config file is like this:
C:UsersmyUserDocumentsVisual Studio 2010ProjectsmyWebsitemyWebsiteWeb.config
I'm trying to programmatically encrypt the connectingstrings section of my web.config, using the below code, which I have gotten from here.
[URL]
The problem is that nothing happens when I click encrypt.
This is my code.
[Code]....
[Code]....
And this is the web.config
[Code]....
Has I understand is the section should be encrypted, but it never happens.
i have mail setting in web.config
[Code]....
Now how i encrypt only the Password ?
I fully followed the steps in this page [URL]
look at the step 5 at "Using the Example Provider in an ASP.NET Application" element , I entered the command "
aspnet_regiis.exe -pe "connectionStrings" -app "/SessionState" -prov "TripleDESProvider"
" at the windows command line, it asked me "The protection provider 'TripleDESProvider' was not found"
I make sure the files keys.snk and keys.txt are in the same folder and the file web.config is correct. Who can tell me the reason for the error and how do I handle with it?
Our conn strs reside in an external file <connectionStrings onfigSource="ConfigurationConnectionStrings.config" />Is there a way to encrypt this external file either using aspnet_regiis or System.Configuration?
View 4 RepliesI'm all set on the server side with the RSA key pair installed. Where I'm hung up is trying to get the job done on the web.config file ... can't seem to get the aspnet_regiis command string right. I am using the command string provided by the web host (DiscountAsp.net). Most (all) of the examples I read use a website on the development machine. I actually registered my project in IIS and tried that but it didn't work. In any case I would rather not have to go to the hassle of registering a project in IIS anyway if I can avoid it.
Details:
My web application project is in a folder on my local machine:
D:Projects<project name>
This is most recent (failed) attempt to use aspnet_regiis:
C:WINDOWSMicrosoft.NETFrameworkv4.0.30319aspnet_regiis.exe -pe "connectionStrings" "D:Projects<project name>"
Is it possible to just do this manually by looking at the NetFrameworkConfigurationKey_xxxxx.xml file and entering the values? Seems like it should be do-able except I'm not sure how to parse the xml file for the correct values.
On a related note, when I add the following code to web.config it "announces" that "The keyContainerName attribute is not allowed". Ditto useMachineContainer
[Code]....
I have looked for ideas on this and read several posts but none of them seems to be because the problem is that web.com (my host) doesnt allow us to update web.config on their server programmatically. I can use example codes and encrypt them on my local pc but heres the error i get when I run them on the live site:
An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config)
If I encrypt something in my config file using aspnet_regiis.exe -pef "appsettings" "path" which i think will use my logged in id's credentials. If i deploy this application on some other machine where some other user id is used to login. Will there be any issues or .......?
View 1 RepliesI have many Connection strings in my web.config file. I also have a "dataConfiguration" setting in the same file which specifies what database my app connects to.
How do I read the "defaultDatabase" setting / section from the, see below xml file.
<configuration>
<configSections> [code]....
Is it possible to have separate config files for specific sections of the web.config? Specifically I'd like to move IIS 7's rewrite section out of the web.config and into it's own config file.
View 3 Repliesi have created a bat file to run the aspnet_regiis exe to encrypt the connectionStrings of web.config file on the remote machine. the same is working when i ran the file on remote machine itself. but is it not working when i call it from another bat file from my local machine which is shared with remote machine. my code loos like:
<remote_server><frmaework_path>aspnet_regiis.exe -pef "connetionStrings" <remote_server><physical_path_application>
<remote_server><frmaework_path>aspnet_regiis.exe -pa "netfrmaeworkconfigurationkey" "ASPNET"
The below is the custom config files
<Test>
<testA att1="A" att2="B" att3="C"/>
<testB att1="A" att2="B" att3="C"/>
</Test>
If I send testA then the class will return all testA attributes i.e att1, att2 and att3 values.
testA, testB will vary.. that means in future we will add another two tags i.e testC, testD and so on.
My application will be returned all the attributes based on my inout (testA...).
I used the article Creating a Flexible Configuration Section Handler to create a Flexible Configuration Section Handler in my application.
I also saw this article entitled Encrypting Custom Configuration Sections on the OdeToCode blog, on how to encrypt portions of a web.config file.
From the first article, we have this web.config code.
[code]...
what are the different sections in web.config file?
View 1 RepliesI am getting the error "An error occurred loading a configuration file: Access to the path is denied."
When I am in VS 2010, I can Encrypt as long as I run as administrator. Code as follows:
[Code]....
My problem is I need to run this in IIS. What is stopping me? It's a permission problem, but what permission. I am running IIS 7.5 on Windows 7. This is happening on my production server as well. Same error.
I have downloaded template for my web site and made it a master page after few weeks I have started my work on it but now it is giving me error.
Sections must only appear once per config file. See the help topic <location> for exceptions.
and showing that line 69 this error is in the given below code.
<?xml version="1.0"?>
We have a scenario using asp.net Forms Authentication in a web farm and need to setup identical <machinekey /> sections on each servers .config file.
Is it better to store the <machinekey /> section in machine.config rather then web.config? what's the advantages and disadvantages of each approach concerning security?
<machineKey validationKey="[keyhere]"
decryptionKey="[keyhere]" validation="SHA1" />
If its not secure enough, is there any way to encrypt <machinekey /> section like we encrypt our connectionsstring (with DPAPI)? (http://msdn.microsoft.com/en-us/library/ms998280.aspx)
If application is started without debugging - it runs smoothly, when I press F5 I get: "Unable to start debugging on the web server. Could not start ASP.NET debugging. More information may be available by starting the project without debugging. Click Help for more information"I noticed that problems are caused by URL Rewrite section in web.config:
<rewrite>
<rules>
<clear />
<rule name="LowerCaseRule" stopProcessing="true">
<match url="[A-Z]" ignoreCase="false" />
when I comment it out - I can start debugging. Also debugging works on VS's built-in web server.I'm running Win7 64 bit, VS 2010, application's framework is 4.0, in IIS application has ASP.NET 4.0 Intergrated pool set
How can I encrypt a web.config file? And how can I then decrypt it again?
View 2 RepliesHow to use encrypt web.config in deployment?Where it should be kept?
Or in other way how to encrypt web.config file in deployment?
I'm trying to encrypt the connection strings in my web.config. I'm following:
http://msdn.microsoft.com/en-us/library/2w117ede.aspx
however when I get to the part with the command:
aspnet_regiis -pe "connectionStrings" -app "/MyApplication" -prov "MyProvider"
it keeps complaining:
"The configuration for the virtual path '/MyApplication' and site 'Default Web Site' cannot be opened
Failed to map the path '/myapplication'
Failed!
I'm fairly sure I've followed the instructions correctly. I created the project named 'MyApplication' directly in the 'C:' root.
Perhaps I should be following a different set of instructions?
How to encrypt web.config fileĀ
How to useĀ 'DataProtectionConfigurationProvider'...
i have designed a website in my desktop and used WAT of visual studio 2008 from Website menu and then selecting ASp.Net configuration.
Now i have copied my website to a server in my local network, server name=isaserver.
i try to access WAT utility of my website at isaserver. when i change webconfig file to correct data source, utility is working but
if i create a user using my website's create user form, then that user appears in aspnetdb database of isaserver but i am not able to see that user using WAT utility.
if i create a user using WAT utility then i am not able to login into my website hosted at isaserver using that username.
no matter how i create a user, either through my website's create user form or through WAT which is mapped to isaserver, both the users will appear in aspnetdb database of isaserver.
I currently have a website which I want everyone to be able to view, authenticated or not. But if someone does sign in, I want different controls and different C# code to be run on the page.
At the moment I have not put any asp security in. I just have two text boxes that check against the database then keep the user logged in using a session variable. Each page then checks to see if the logged in session variable has a user in it and runs the code.
I'm assuming this is not the most secure way, is there a way to do this correctly?
Is there any tools available to encrypt and decrypt Asp.net Web configuration sections like connection string ,etc.?
Can i get any add-on for this?If i use Enterprise Library i can do so,but without that is there any simple utility available?