Decrypting the Connection String in App.config - c#

I have a console application in which I have some connection strings which are encrypted as shown below:
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>soemvalue here</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>some valye here</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
I try to access the connection string using the console application like this:
var connectionString = ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
I get the following error:
Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.
When I try to access the same connection string from app.config without decryption, it works fine. Is there any problem with the encryption? I thought that after encryption I just have to fetch the connection string in the normal manner and it will decrypt automatically.

You need to encrypt and decrypt on the same machine, or you need to export / import the key.
See this article:
http://social.msdn.microsoft.com/Forums/en-US/csharplanguage/thread/d43a4bd7-7cc1-40cf-8269-82c92894df43/
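A pre-flight check for the error in the question, added here as an example (not code from the original posts): it tries to open the machine-level RSA key container without creating one. The class name is hypothetical, and `NetFrameworkConfigurationKey` is assumed to be the container the default provider uses; a custom `keyContainerName` can be passed as the first argument.

```csharp
using System;
using System.Security.Cryptography;

static class KeyContainerProbe
{
    // Assumption: default container of the built-in RsaProtectedConfigurationProvider.
    const string DefaultContainer = "NetFrameworkConfigurationKey";

    public static string Probe(string containerName)
    {
        var csp = new CspParameters
        {
            KeyContainerName = containerName,
            // Look in the machine store and fail instead of silently creating a new key.
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        try
        {
            // A named container is persisted, so disposing the object does not delete the key.
            using (var rsa = new RSACryptoServiceProvider(csp))
            {
                return "OK: '" + containerName + "' opened, " + rsa.KeySize +
                       "-bit, exportable=" + rsa.CspKeyContainerInfo.Exportable;
            }
        }
        catch (CryptographicException ex)
        {
            // Typical causes: the container was never imported on this machine,
            // or the current account has no read access to it.
            return "FAILED: '" + containerName + "': " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        Console.WriteLine("Running as " + Environment.UserName);
        Console.WriteLine(Probe(args.Length > 0 ? args[0] : DefaultContainer));
    }
}
```

Run it under the same account as the application. A failure on the machine that decrypts means the container has to be imported there (`aspnet_regiis -pi`) and the account granted access to it (`aspnet_regiis -pa`).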

Related

Web Config Password Encryption Problem in C# Application

<add name="connection" connectionString="Data Source=206.65.100.190,1433; Initial Catalog=dvsss; User ID=xxx; Password=234sdf;" />
Please help with encrypting the password in the web.config file.
It is never a good idea to store the password because it allows all of the project's developers to view the password, and makes fixing the problem extremely difficult. If the account that is protected by the password is compromised, the owners of the system will be forced to choose between security and availability.
You can use the encryption tool available in aspnet_regiis:
aspnet_regiis -pef "connectionStrings" "c:\path\to\the\folder\containing\webconfig"
This will modify the web.config file with changes looking similar to this:
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>A long cipher value</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>Another cipher value</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
Source: The ultimate guide to connection strings in web.config

"File being used by another process" error after modifying app.config

I am writing a simple reporting application that pulls data from a SQL database on an external server, and sends out HTML email messages based on said data.
The project builds and executes perfectly 99% of the time, with the exception being after I modify the app.config file. The very first build and run (in Visual Studio 2012 Pro) after modifying the app.config file yields the following error:
"The operation could not be completed. The process cannot access the file because it is being used by another process."
The build succeeds, but this error is generated immediately following build.
I have found several other users with a similar problem, and the solutions were varied. None had the same error for the same reason. A number of people attributed the error to a VS debugger issue.
Has anyone else experienced the same issue, or does anyone know what may cause this? Note that I get the same error in both Debug and Release. The same error is generated even if the connection string is not encrypted.
I have included the app.config file below, as well as all code that accesses config information.
Config File:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
<appSettings>
<add key="minimum_days" value="40"/>
<add key="maximum_days" value="70"/>
</appSettings>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>......ciphertext...</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>...ciphertext...</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
Access Code:
private int min_threshold = Convert.ToInt32(ConfigurationManager.AppSettings.Get("minimum_days"));
private int max_threshold = Convert.ToInt32(ConfigurationManager.AppSettings.Get("maximum_days"));
private string connection_string = ConfigurationManager.ConnectionStrings["str1"].ConnectionString;

Protecting your Connection String on Shared Hosting

I am creating a website using MVC5 & EF6. I am also using a shared hosting to publish this website. Now the problem that I have is that my connection string at the moment is sitting in plain text in the web.config file. I am having a very hard time finding a "direct" answer on how I should deal with this.
I have come upon many articles such as this one. The article shows me how to encrypt the Connection Section of my web.config. So I tried following its example and encrypted the mail section it shows in that example. After I ran my code I noticed that my entire web.config file changed.
It used to be like this:
<system.net>
<mailSettings>
<smtp from="info@Site.com">
<network
host="mail.Site.com"
port="25"
userName="info@site.com"
password="password" />
</smtp>
</mailSettings>
</system.net>
and now it is like this:
<mailSettings>
<smtp configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>odapFFPDF1Fgsk2wyvbwVC4SNISqhWc9lXiAq+I/OW3wVVqBCPowxyen9M7c9+KUBkXmGSfaUVxDMlqutChv6g6VU8h4TWG3W6Tw/istjfw/UYrRsGguPiOqdvRsl9XLBmnS37v99+VX7FEA9TKb6ufC0a3Defp2MNpGTvTIR20=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>lHPPFRJAH2hIm/Ya+ABRMP5mo5rEYwL2aBJQ/DT4Q+1OZXaftutiddxxJZ4LSgw3pzi1QJpU8eOPwFVebvqFVA4cjs27l8Iqz50E/R/tBfS7e2oqdWTRsc8IFfE/xOIieMp22BuFsYEDbgnIbLdbHJnw+92zyt2lUlzJpW9epNpnb29sVQhtNJ9cPjAaYAaU</CipherValue>
</CipherData>
</EncryptedData>
</smtp>
</mailSettings>
My only problem right now is how do I read those values inside my code without having to decrypt and save the config file. I do not want to rewrite the web.config file every time I need to read the mail settings section or even the connection string section.
If I have a method like this:
public static string DecryptMailSettings()
{
    var config = WebConfigurationManager.OpenWebConfiguration("~");
    ConfigurationSection section = config.GetSection("system.net/mailSettings/smtp");
    if (section.SectionInformation.IsProtected)
    {
        section.SectionInformation.UnprotectSection();
        return section.???;
    }
    return "Nothing was read";
}
How do I get the value of, let's say, "host" from the example above?
From the documentation:
ASP.NET automatically decrypts the contents of the Web.config file when it processes the file. Therefore, no additional steps are required to decrypt the encrypted configuration settings for use by other ASP.NET features or to access the values in your code.
https://msdn.microsoft.com/en-us/library/dtkwfdky.aspx
I am suggesting that if the encryption/decryption is working fine, and it seems that 'untangling' the Host Name is troublesome, then just add a value to your web.config.
Like This:
<appSettings>
<add key="MAILHOST" value="mail.Site.com" />
</appSettings>
and then read that in your code.
Ex:
string HostName = ConfigurationManager.AppSettings["MAILHOST"].ToString();
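The automatic decryption quoted from the documentation above also covers the typed section object, so `host` can be read from the protected `<smtp>` section itself. This is an added example, not code from the original posts; the class and method names are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Net.Configuration;

public static class MailSettings
{
    // Reads system.net/mailSettings/smtp through the runtime configuration API.
    // A protected section is decrypted in memory while it is loaded; web.config
    // is not rewritten and UnprotectSection() is never called.
    public static SmtpSection Load()
    {
        var smtp = ConfigurationManager.GetSection("system.net/mailSettings/smtp") as SmtpSection;
        if (smtp == null)
            throw new ConfigurationErrorsException("system.net/mailSettings/smtp is missing.");
        return smtp;
    }

    public static string Describe()
    {
        SmtpSection smtp = Load();
        // Typed properties map to the attributes of <smtp> and <network>.
        // The password is left out of the summary so it does not end up in logs.
        return string.Format("from={0} host={1} port={2} user={3}",
            smtp.From, smtp.Network.Host, smtp.Network.Port, smtp.Network.UserName);
    }
}
```

If the RSA key container is not available to the worker process, `GetSection` throws a `ConfigurationErrorsException` carrying the provider's "Failed to decrypt" message instead of returning ciphertext.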

encrypting appSettings in an external file using aspnet_regiis -pef

I am trying to encrypt appSettings in an external file using aspnet_regiis -pef. Does anyone know how to do this?
My main web config file :
<appSettings file="ExternalAppSettings.config">
<add key="test1" value="val1" />
<add key="test2" value="val2" />
</appSettings>
external file ExternalAppSettings.config
<appSettings>
<add key="pwd1" value="test1" />
<add key="pwd2" value="test2" />
</appSettings>
I want to encrypt only the appSettings in ExternalAppSettings.config. How do I do this?
I have done this type of work. I just encrypt the string and then put the encrypted string in the values. When I retrieve the values, I decrypt them again into the original values.
Please try the below.
aspnet_regiis -pe "appSettings" -prov "{0}" -site {1} -app "/"
example: aspnet_regiis -pe "appSettings" -prov "DataProtectionConfigurationProvider" -site "1" -app "/virtualdirectory_name"
{0}: encryption provider
{1} : Site id in IIS

Get public and private key of an encrypted app.config

I have written a program to encrypt and decrypt appdata in an app.config file. The program is working correctly so I could encrypt app.config like this
<configProtectedData>
<providers>
<add keyContainerName="MyConfigurationKey"
description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="MyProtectedConfigurationprovider"
type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</configProtectedData>
<appSettings configProtectionProvider="MyRSAProtectedConfigurationprovider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue> Some long text </CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue> very long text</CipherValue>
</CipherData>
</EncryptedData>
</appSettings>
After that I exported the key.Result which is this:
<RSAKeyValue>
<Modulus>Some text</Modulus>
<Exponent>AQAB</Exponent>
<P>Some text</P>
<Q>Some text</Q>
<DP>Some text</DP>
<DQ>Some text</DQ>
<InverseQ>Some text</InverseQ>
<D>Some text</D>
</RSAKeyValue>
Now, I need to find the private key and public key in encryption. I searched several places but I could not find a proper document about it. Please help me on this.
I'm not sure what format you are expecting the key to be in, but key.Result contains all the information you are looking for. The tuple Modulus and Exponent are the public RSA key and the tuple Modulus and D the private key. From what I can see in the Exponent data field, the numbers are base64 encoded: AQAB is the base64 encoding of '\x01\x00\x01', which is the encoding of a commonly used public exponent 65537. I can't tell whether it's little or big endian, though.
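An added example (not from the original posts) that decodes the fields of an `<RSAKeyValue>` document and checks how they relate: each value is base64 over an unsigned big-endian integer, the byte order XML Signature defines for these fields. The key is a throwaway generated inside the example, and the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;
using System.Xml.Linq;

static class RsaKeyValueInspector
{
    // BigInteger expects little-endian two's complement, so reverse the
    // big-endian bytes and append a zero byte to keep the value non-negative.
    static BigInteger Field(XElement key, string name)
    {
        byte[] bigEndian = Convert.FromBase64String(key.Element(name).Value.Trim());
        return new BigInteger(bigEndian.Reverse().Concat(new byte[] { 0 }).ToArray());
    }

    // True when Modulus = P * Q and Exponent * D = 1 (mod lcm(P-1, Q-1)).
    public static bool IsConsistentPrivateKey(string xml)
    {
        XElement key = XElement.Parse(xml);
        BigInteger n = Field(key, "Modulus"), e = Field(key, "Exponent");
        BigInteger p = Field(key, "P"), q = Field(key, "Q"), d = Field(key, "D");
        BigInteger lambda = (p - 1) * (q - 1) / BigInteger.GreatestCommonDivisor(p - 1, q - 1);
        return n == p * q && (e * d) % lambda == BigInteger.One;
    }

    static void Main()
    {
        // Constructed sample: a key generated here, not the asker's key.
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            string privateXml = rsa.ToXmlString(true);  // Modulus, Exponent, P, Q, DP, DQ, InverseQ, D
            string publicXml = rsa.ToXmlString(false);  // Modulus and Exponent only
            Console.WriteLine("Public part: " + publicXml.Length + " chars; private export: " + privateXml.Length);
            Console.WriteLine("Exponent = " + Field(XElement.Parse(publicXml), "Exponent"));
            Console.WriteLine("Fields consistent: " + IsConsistentPrivateKey(privateXml));
        }
    }
}
```

An export that contains `P`, `Q` and `D` is the complete private key, so the file needs the same protection as the key container; `ToXmlString(false)` produces the part that is safe to share.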
