dotnet security: Cannot encrypt web.config appSettings on virtual directory -- dotnet security

Cannot encrypt web.config appSettings on virtual directory

dink337
5/2/2007 2:04:00 PM

dotnet security:

Hopefully one of the RSA guru's here can help me with this one.

I have a server with two sites running, one on port 80, the other on port
8080.
The application I'm working with is running under the site on port 8080 and
for this example I'll use the name of "test" for the virtual directory of the
application (so to access the app its http://localhost:8080/test).

After configuring the web.config with the user name and password that I want
to encrypt:

<appSettings>
<add key="UserName" value="TestUser" />
<add key="Password" value="TestPassword" />
</appSettings>

Then adding the "configProtectedData" section:

<configProtectedData>
<providers>
<add keyContainerName="CustomKeys" useMachineContainer="true"
description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="CustomProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,System.
Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</configProtectedData>

I then run the aspnet_regiis tool to encrypt the "appSettings" section:

aspnet_regiis -pe "appSettings" -app "/test" -prov "CustomProvider"

The problem is that when I attempt to run this I get an error that the site
"/test" and "Default Web Site" cannot be opened and that there is an error in
the "site" parameter.

How do I run this to take in account a virtual server that is not on port
80? (this seems to be where the issue lies).

On another test machine that only had one site (port 80), I was able to
encrypt the web.config section with no problems, but since I've tried it on
this box I havent had any success yet.

Thanks in advance for any help offered on this!

RE: Cannot encrypt web.config appSettings on virtual directory

dink337
5/4/2007 7:41:02 AM

Update:
I did find that I was able to get encryption to work following the process
layed out on the "Web Farm Scenario" detailed on the MS page
"http://msdn2.microsoft.com/en-us/library/ms998283.aspx". I used a separate
machine having only a "Port:80" site to perform the encryption and exporting
the key to an xml file, then pushing the site to my dev box that had both the
port:80 and port:8080 sites (published site to the localhost:8080/test site),
and finally importing the xml file then running the aspnet_regiis -pi
"CustomKeys" "C:\CustomKeys.xml" command to set the machine key for
decryption.
Not sure why this method works fine but performing the encryption directly
on the machine doesn't, but at least I do have a workaround that lets me get
the process done.

I'd still like to know if anyone does have some thoughts on this because its
doesn't make sense why I cant perform the encryption directly on the target
machine if it has more than one "ported" site.

Thanks,

Dez

[quoted text, click to view]

Re: Cannot encrypt web.config appSettings on virtual d ...

Claudio Castillo
5/31/2007 1:08:29 PM

I was having the same problem and as you said i think it is because of the secure port configuration on the virtual directory, then i tried the webfarm solution, but it dit not work. so i started to read the options of the aspnet_regiis tool and finally i found my solution, with the option -pef you can specify the section you want to ecrypt and the physical directory where you have the your app's web.config.
In the end the command line looks like this aspnet_regiis.exe -pef "connectionStrings" "C:\webappsfolder\my_root_web_folder"

I hope it helps somebody because it did trouble me a lot XD

Re: Cannot encrypt web.config appSettings on virtual d ...

Claudio Castillo
5/31/2007 1:12:19 PM

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages in the dotnet security group.