Thanks. I'll give that a try.
"Dominick Baier" wrote:
> use aspnet_regiis for the im/export...
>
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
>
> > I have encrypted the identity section of my web.config file, using the
> > RSA provider. The built-in encrypt/decrypt works just fine. The
> > problem is, when I move the app to another machine.
> >
> > My web.config provider entry looks like this.
> >
> > <configProtectedData>
> >   <providers>
> >     <add name="MyProvider"
> >          type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
> >          keyContainerName="MyKey" useMachineContainer="false"/>
> >   </providers>
> > </configProtectedData>
> >
> > I moved the app, exported the key using the Certificate snap-in in
> > mmc, then imported it into the other machine and used aspnet_regiis to
> > grant permissions to the ASPNET user. When I try to run my app on this
> > box, I get the following error:
> >
> > Configuration Error Description: An error occurred during the
> > processing of a configuration file required to service this request.
> > Please review the specific error details below and modify your
> > configuration file appropriately.
> >
> > Parser Error Message: Failed to decrypt using provider
> > 'RsaProtectedConfigurationProvider'. Error message from the provider:
> > The RSA key container could not be opened.
> >
> > Source Error:
> >
> > Line 68: <authentication mode="Windows"/>
> > Line 69: <identity
> > configProtectionProvider="RsaProtectedConfigurationProvider">
> > Line 70: <EncryptedData
> > Type="http://www.w3.org/2001/04/xmlenc#Element"
> > Line 71: xmlns="http://www.w3.org/2001/04/xmlenc#">
> > Line 72: <EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
> >
> > If I delete the encrypted section in the web.config file on the new
> > box, then re-encrypt from there, it works fine again, but is not
> > portable to my other machine. This makes me think that the
> > export/import is not working correctly.
> >
> > Any ideas?
> >
> > Thanks.
> >
>
>
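
The aspnet_regiis export/import suggested in the reply, as an added example that is not part of the original thread. Assumptions: the .NET 2.0 framework path, the transfer file path, and a machine-level key container (the provider entry would then carry useMachineContainer="true"; a user-level container needs the -pku switch on each call instead).

```powershell
# Added example: move the RSA key container "MyKey" between two machines.
# Run with -Step Export on the source box, copy the file over a protected
# channel, then run with -Step Import on the target box.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Export', 'Import')]
    [string]$Step,
    [string]$Container = 'MyKey',              # container name from the post
    [string]$KeyFile   = 'C:\temp\MyKey.xml',  # hypothetical transfer file
    [string]$Account   = 'ASPNET'              # worker account named in the post
)

# Assumed install location of the .NET 2.0 tool.
$regiis = Join-Path $env:WINDIR 'Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe'

function Invoke-Regiis([string[]]$Arguments) {
    & $regiis $Arguments
    # Stop the script on a non-zero exit code so a failed step is not skipped over.
    if ($LASTEXITCODE -ne 0) {
        throw "aspnet_regiis $($Arguments -join ' ') exited with $LASTEXITCODE"
    }
}

switch ($Step) {
    'Export' {
        # -px writes the container to XML; -pri includes the private key,
        # which the target machine needs in order to decrypt.
        # The container must have been created exportable:
        #   aspnet_regiis -pc "MyKey" -exp
        Invoke-Regiis @('-px', $Container, $KeyFile, '-pri')
        Write-Host "Exported $Container to $KeyFile (contains the private key)."
    }
    'Import' {
        # -pi recreates the container from the XML file.
        Invoke-Regiis @('-pi', $Container, $KeyFile)
        # -pa grants the worker account read access to the container.
        Invoke-Regiis @('-pa', $Container, $Account)
        # The XML file holds the private key in the clear; remove it once imported.
        Remove-Item -LiteralPath $KeyFile -Force
        Write-Host "Imported $Container, granted access to $Account, removed $KeyFile."
    }
}
```

The same web.config, encrypted once against this container, can then be copied to every machine that has imported the key.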