decrypt web.config file for specific project on a local machine - c#

I have a project that is running on the server. I want to modify it on a local machine, but connection strings in the web.config file are encrypted using regiis. To decrypt it I tried this article:
http://ryaremchuk.blogspot.com/2012/11/encrypting-and-decrypting-webconfig.html
I copied the project to a folder on the hard disk on my local machine, so its path is C:\project1.
In the prompt interface I reached: C:\windows\Microsoft.NET\Framework\v4.0.30319. Then I used this command with no luck:
aspnet_regiis -pd "connectionStrings" -app "C:\project1"
Is my command wrong? Should the project be in a different path?

Related

How to package .sdf Database Application on CD and run without installing on machines

I am having a challenge that is specifically unique to me. I have browsed the questions and answers catalog and what I found does not specifically address my scenario.
I created Windows Application on C#.Net with SQL Server CE at the back-end. I want the Application to be packaged in CD in such a way that my User will not install it rather will just insert and use the Application.
I have built the Application and copied the DB file, Application File, Configuration Files, Manifest Files and the .dll files to a folder and zipped it. Then I copied the zipped folder to a CD ROM and ran it on a different system.
On the System I installed SQL Server CE Runtime installer. The Application executed successfully but when I attempted to submit a Form that is connected to the .sdf database the following exception was thrown:
The path is not valid. Check the directory for the database. [Path = C:\Users\John\AppData\Temp\Temp2_App.zip\App\Data\abc.sdf]
My Application Connection String at App.Config is:
<connectionStrings>
<add name="MyApp.Properties.Settings.MyAppConnectionString"
connectionString="DataSource =|DataDirectory\\abc.sdf|"
providerName="Microsoft.SqlServerCe.Client.3.5" />
</connectionStrings>
The Connection Strings I used in my codes is:
string conString = "Data Source=|DataDirectory|\\Data\\abc.sdf";
Please what is it that I am getting wrong. Please help me.
Well, in the quest to find a solution to the problem I have modified the App.Config Connection String to:
<connectionStrings>
<add name="MyApp.Properties.Settings.MyAppConnectionString"
connectionString="DataSource =|DataDirectory|\\Data\\abc.sdf"
providerName="Microsoft.SqlServerCe.Client.3.5" />
</connectionStrings>
And when I executed the Application on a user Machine it flagged the exception - Access to the database file is not allowed. [File name = E:\App\Data\abc.sdf].

.net cannot read pem file after publish to IIS

I have an MVC Web Application which reads a .pem file for encryption. In IIS Express, I copied the .pem file to the IIS Express folder, and I could get it like
RSA rsa = RSA.FromPublicKey(BIO.File("./RSAKeys/TestPublic.pem", "r"));
When I publish the project on IIS the code above gives me the errors:
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
I copied the RSAKeys folder both on the bin folder and the root folder of the project.
I could not get over this error. What can I do?
Thanks.
The MapPath method maps the specified relative or virtual path to the corresponding physical directory on the server.
RSA rsa = RSA.FromPublicKey(BIO.File(System.Web.HttpContext.Current.Server.MapPath("~/RSAKeys/TestPublic.pem"), "r"));

Getting permission for accessing an existing file in setup created using Inno Setup

I am a new C# programmer. I made a setup file of an application in Inno setup, but when I use this application after installation, the application crashes when it tries to access (read) an existing folder in the computer (which the user has permission to access otherwise). This folder does not contain any program file, or logs. It just contains some media files which are already in the computer.
I saw the Inno script format, but it shows only how to give permission to access program files/folders. What about the files which are already there in the computer? Shouldn't the application have access to files which the user (who installed it) has access to?
To set permissions on existing files or folders, you can use the Windows cacls command in the [Run] section.
Filename: "{sys}\cacls.exe"; Parameters: """C:\My Folder\My File.ext"" /t /e /g ""Everyone"":f ""Power Users"":f ""Users"":f ""Authenticated Users"":f "; StatusMsg: "Configuring Windows settings..."; Flags: runhidden
Type cacls /? at a command prompt for all available switches and syntax.
It worked when I used
"Permissions: users-modify" in [Dirs] section.

asp.net MSDeployEnableWebConfigEncryptRule fail to encrypt web.config

I have added <MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule> to the .pubxml file in order to encrypt the web.config file. However, when publishing, I got the following error. I do not know whether there is an extra setting needed in the web.config file other than inserting <MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule> in .pubxml
Error:
Web deployment task failed.(Fail to encrypt destination web.config. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG.)
Note: #ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG does not appear anywhere on the given link.
How could I resolve this error? (Note: I do not wish to pre-encrypt the web.config file locally before publishing it.)
The problem seems to be that MSDeployEnableWebConfigEncryptRule doesn't work with MVC projects that have multiple web.config files. Typically an MVC project has a Views/Web.Config file. This seems like a bug with MSDeploy.
My workaround is to have a post-deployment PowerShell script perform the same command on the destination server. See http://www.iis.net/learn/publish/using-web-deploy/web-deploy-powershell-cmdlets
Powershell Script Sample:
Add-PSSnapin WDeploySnapin3.0
$cmd = '%windir%\Microsoft.NET\Framework\v4.0.30319\ASPNET_REGIIS.exe -{0} {1} "{2}"' -f 'pef', 'connectionStrings', $destinationFolder
New-WDPublishSettings -UserId $UserName -Password $Password -ComputerName $destination -AllowUntrusted -FileName server.publishsettings -AgentType MSDepSvc -Site $Website
Invoke-WDCommand -Command $cmd -DestinationPublishSettings server -Verbose
I was getting this same message too.
I looked in the Web Deployment logs in the Event Viewer > Microsoft Web Deploy. The Exception it was giving me was:
ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG
Microsoft.Web.Deployment.DeploymentDetailedClientServerException: Failed to encrypt destination web.config: .... Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG. ---> System.Security.Cryptography.CryptographicException: Object already exists.
Googling this led me to this answer from "Just TFS": Release Management Agent not connecting
Which said "The Deployer user (\) does not have access to the crypto store. On the server where the deployment agent is installed, navigate to this folder %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys and give read/write access to \. – Just TFS Sep 3 '14 at 12:08"
So I attempted to give my MS Deployer user account read/write to that MachineKeys folder but it denied me access to do so. I ended up adding the deployer user account as a local Administrator and that did the trick.
Was able to deploy with it encrypting the web.config file successfully to the server.

"The RSA key container could not be opened" Error even after ACL Permission (for some users)

We are getting the following error (in an asp.net website) when encryption is applied.
Parser Error Message: Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.
Note: Please see the steps listed below that we followed. (We have granted ACL permission for NT Authority\Network Service on NetFrameworkConfigurationKey)
Note: We are using Windows Authentication Enabled and ASP.NET impersonation Enabled in IIS7. It is running in Windows Server 2008. The access is controlled based on whether a user is part of allowed AD group (which will be listed in config file).
The interesting part is that this error happens when users of group1 (from location1) access it. When users of group2 (from location2) try to access it, the error does not come.
Any thoughts on how to correct it?
We have followed the steps listed below from our deployment document.
1. Run the Command Window in Administrator Mode. (In Windows Server 2008, type cmd and press CTRL+SHIFT+ENTER)
2. Go to the folder C:\Windows\Microsoft.Net\Framework\v4.0.30319\ using change directory command (cd).
3. Type the following command to create RSA Key Container:
aspnet_regiis -pc "NetFrameworkConfigurationKey" -exp
4. Type the following (to add ACL for access to the RSA Key Container) and press enter:
aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"
5. Type the following (after replacing the highlighted text with the location where the service is deployed) and press enter to encrypt the connections string in Service’s Web.Config:
aspnet_regiis.exe -pef "connectionStrings" "C:\MyWCF\ServiceName"
6. Type the following (after replacing the highlighted text with the location where the website is deployed) and press enter to encrypt the connections string in Website’s Web.Config:
aspnet_regiis.exe -pef "connectionStrings" "C:\MyWeb\WebsiteName"
7. Type the following (after replacing the highlighted text with the location where the web.config file for the website is available) and press enter to encrypt the sessionState values in Website’s Web.Config:
aspnet_regiis.exe -pef "system.web/sessionState" "C:\MyWeb\WebsiteName"
8. Verify that the connection strings and SessionState values are encrypted.
9. Verify the following details in configProtectedData section in Machine.Config.
• Verify that defaultProvider="RsaProtectedConfigurationProvider"
• Verify that keyContainerName="NetFrameworkConfigurationKey"
Note: Default location for machine.config is C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Config
Following is an approach I tried which does not involve Machine config.
Note: If the destination is Windows Server 2008, the encryption steps need to be executed on a Windows Server 2008 machine itself.
Executed the code below on server A
Note:- Registering key
cd C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis.exe -pc "MyProjectKeys" -exp
Note:- GRANTING ACCESS on SERVER A only
aspnet_regiis.exe -pa "MyProjectKeys" "IIS APPPOOL\testpsreloservices"
aspnet_regiis.exe -pa "MyProjectKeys" "NT AUTHORITY\NETWORK"
Exported XML file containing RSA Key
aspnet_regiis.exe -px "MyProjectKeys" E:\wmapps\webroot\myservice\MyProjectKey.xml -pri
Added the following in web.config
<configProtectedData>
<providers>
<clear/>
<remove name="RSAProtectedConfigurationProvider" />
<add name="RSAProtectedConfigurationProvider" keyContainerName="MyProjectKeys"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
useMachineContainer="true" />
</providers>
</configProtectedData>
Encrypted
aspnet_regiis -pef "connectionStrings" "E:\wmapps\webroot\myservice" -prov "RsaProtectedConfigurationProvider"
Copied the encrypted files in B Server.
Copied the key xml file into the B Server.
Created batch file with the following commands and Executed (for Key registration and granting access)
c:
cd C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis.exe -pi "MyProjectKeys" E:\wmapps\webroot\myservice\MyProjectKey.xml
aspnet_regiis.exe -pa "MyProjectKeys" "IIS APPPOOL\testpsreloservices"
aspnet_regiis.exe -pa "MyProjectKeys" "NT AUTHORITY\NETWORK"
If you have impersonation enabled, the RSA key container will be accessed using the identity of the user accessing the application, not Network Service.
You'll either need to disable impersonation, or add all the users that can access the application to the ACL of the key container.
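The answer above turns on which identity actually opens the key container. As an added example (not part of the original thread), this PowerShell script, run elevated on the server, locates the container's key file and lists who is on its ACL. The `$RequiredIdentities` parameter and its default are assumptions: replace them with your app pool identity or, with impersonation enabled, the accounts of the users who reach the site.

```powershell
# Added example: show which identities can open a machine-level RSA key container.
param(
    [string]$ContainerName = 'NetFrameworkConfigurationKey',          # name used on this page
    [string[]]$RequiredIdentities = @('NT AUTHORITY\NETWORK SERVICE') # assumption: edit for your site
)

$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $ContainerName
# UseMachineKeyStore matches useMachineContainer="true"; UseExistingKey makes a
# wrong name fail instead of silently creating a new, empty container.
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore -bor
             [System.Security.Cryptography.CspProviderFlags]::UseExistingKey

try {
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
}
catch {
    Write-Error "Cannot open container '$ContainerName' as $($env:USERNAME): $($_.Exception.Message)"
    return
}

$info = $rsa.CspKeyContainerInfo
# Assumes Windows Vista / Server 2008 or later, where ALLUSERSPROFILE is C:\ProgramData.
$keyFile = Join-Path $env:ALLUSERSPROFILE "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
"Container : $ContainerName"
"Key file  : $keyFile"
"Exportable: $($info.Exportable)"   # True if the key was created as exportable (-exp)

$acl = (Get-Acl -Path $keyFile).Access
$acl | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Direct-ACE check only: access granted through group membership is not resolved here.
$granted = $acl | Where-Object { $_.AccessControlType -eq 'Allow' } |
           ForEach-Object { $_.IdentityReference.Value.ToUpperInvariant() }
foreach ($id in $RequiredIdentities) {
    if ($granted -notcontains $id.ToUpperInvariant()) {
        Write-Warning "$id has no direct Allow entry; aspnet_regiis -pa `"$ContainerName`" `"$id`" would grant it."
    }
}
```

An exportable key whose ACL includes broad groups is worth reviewing, since any identity that can read the container can decrypt every section protected with it.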
In my case, I had made my connection strings encrypted using ASPNET_REGIIS. I had one last application I finally got around to modifying to move from an older server to this server where encryption key was used. There was an older version of this application deployed already but not used. When I deployed (Published) the latest version to the server, I used the Replace method instead of delete. I came across this error, and stumbled here. None of the solutions worked for me.
My Fix:
So I decided to clear the contents of the application folder, and re-publish.
Doing so corrected my issue.
