Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to encrypt a config file specified as a configSource from web.config?

Tags:

asp.net

iis

encryption

web-config

aspnet-regiis.exe

I have a custom section in my web.config I need to encrypt. This custom config section uses the configSource attribute to point at a separate config file (as this file is not to be source controlled) and I'd like for this separate config file to be encrypted. I'm not having any luck using aspnet_regiis.exe to encrypt this section.

Is what I'm trying to achieve possible?

My web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <configSections>
        <section name="protectedAppSettings" type="System.Configuration.NameValueSectionHandler, System,Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />       
    </configSections>       
    <protectedAppSettings configSource="config\EnvironmentConfigurations\ProtectedAppSettings.config" />
  </configuration>

My custom configuration file:

<?xml version="1.0" encoding="utf-8"?>
<protectedAppSettings>  
  <add key="XXX" value="xxx"/>
</protectedAppSettings>

I've added aspnet_regiis to my path so I can call it from the root directory of my site. This is the command I'm executing:

aspnet_regiis -pef protectedAppSettings ""

The output I get from this command tells me that encrypting was successful

I've found this link that says that it should just work but it doesn't for me..

like image 685
Braydie Avatar asked Nov 17 '16 09:11

Braydie

People also ask

How do I encrypt a Web config file?

Encrypting a Web Configuration Section To encrypt configuration file contents, use the Aspnet_regiis.exe tool with the –pe option and the name of the configuration element to be encrypted. Use the –app option to identify the application for which the Web.

What is Web config file Why do we use Web config file?

A web. config file is a Windows file that lets you customize the way your site or a specific directory on your site behaves. For example, if you place a web. config file in your root directory, it will affect your entire site (www.coolexample.com).

1 Answers

This was because of the type I was using to define my config section. Although there are no docs to prove it, it appears that the NameValueSectionHandler type does not encrypt when used for a config source. The solution was to change the type to System.Configuration.AppSettingsSection and the encryption works correctly

like image 99
Braydie Avatar answered Nov 14 '22 21:11

Braydie
Sign in to Comment

Related questions

ASP.NET MVC, create View method that would return multiple objects to the view
How can I change the table names used by asp.net identity 3 (vnext)?
How to delete old aspnet users with aspnet_Users_DeleteUser procedure?
Read XML Response From Page
Advantages to storing UserId instead of Username in sql audit columns such as CreatedBy/ModifiedBy [closed]
Dependency Injection (DI) in ASP.NET Core/MVC 6 ViewModel
Sent Email at regular Interval to user for Password updation
SignalR hub and Identity.Claims
Return after response.redirect
ASP.NET GridView: How to edit and delete data records
Get all cache in ASP.NET Core 1
Vertical table in novacode docx without border
npm not included in ASP.NET Core Web Application
How to change iframe src without reloading the iframe?
Refresh table using AJAX in ASP.NET MVC
How to use different colors of texts in same Excel cell using ClosedXML?
How to kill .ASPXAUTH cookie at server end?
Prevent IIS Url Rewrite module from modifying HTTP 303/307 responses
What are the .NET Standard versioning rules?
When using the multi-mapping APIs ensure you set the splitOn param if you have keys other than Id“, ”splitOn with Multiple relations

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!