Using ASPNet_Regiis to encrypt custom configuration section - can you do it?

Question

I have a web application with a custom configuration section. That section contains information I'ld like to encrypt (was hoping to use ASPNet_RegIIS rather than do it myself).

Web.Config:

<?xml version="1.0"?>      <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">       <configSections>           <section name="MyCustomSection"                     type="MyNamespace.MyCustomSectionHandler, MyAssembly"/>     </configSections> <configProtectedData>     <providers>       <clear />       <add name="DataProtectionConfigurationProvider"            type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,                    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,                    processorArchitecture=MSIL"            keyContainerName="MyKeyContainer"            useMachineContainer="true" />     </providers>   </configProtectedData>     <MyCustomSection>        <blah name="blah1">           <blahChild name="blah1Child1" />        </blah>     </MyCustomSection> 

The configuration handler works great before trying to encrypt it. When I try to encrypt it with:

aspnet_regiis -pef "MyCustomSection" c:\inetpub\wwwroot\MyWebsite -prov DataProtectionConfigurationProvider

I get an error:

Encrypting configuration section... An error occurred creating the configuration section handler for MyCustomSection: Could not load file or assembly 'MyAssembly' or one of its dependencies. The system cannot find the file specified. (c:\inetpub\wwwroot\MyWebsite\web.config line 5)

I have tried with/without the provider configured. With/without section groups. With/Without having started the website before hand. I've tried temporarily putting my assembly in the GAC for the registration. I also tried my log4net section just to try something that wasn't mine, with no luck. I've run the command prompt as Administrator. Any ideas? Or can ASPNet_RegIIS just not be used for custom sections?

One final shot after viewing MSDN was changing my handler to inherit from ConfigurationSection rather than implementing IConfigurationSectionHandler since it was technically deprecated in 2.0 (hoping it was something regarding aspnet_regiis version). No luck there either.

Any ideas let me know. Thanks!

Answer 1

aspnet_regiis must be able to bind the assembly. The normal .net binding rules apply.

I get around this by creating directory called aspnet_regiis_bin in the same directory as aspnet_regiis.exe and an aspnet_regiis.exe.config file with aspnet_regiis_bin as a private path like this:

<configuration>    <runtime>       <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">          <probing privatePath="aspnet_regiis_bin"/>       </assemblyBinding>    </runtime> </configuration> 

I then copy the assemblies that define the custom configuration sections into aspnet_regiis_bin so that aspnet_regiis can find them.

This procedure doesn't require the assemblies to be strong named or in the GAC but does require messing around in the framework directories.

Answer 2

I am using a workaround whereby I temporarly comment out the contents of the configSections element:

<configSection>     <!--     <section name="CustomSection" type="" />     --> </configSection> 

You can then run the encryption using aspnet_regiis -pef as usual. After this has run just uncomment the section and your site is ready to run.