Web.Config encryption using RsaProtectedConfigurationProvider - “Bad Data” error

Question

I am attempting to encrypt connection string values in the Web.Config file for an ASP.NET 2.0 web application, following the procedure described on MSDN. Using the RsaProtectedC

Answer 1

Actually you can use EL from Microsoft just to encrypt your connection string. You can download it here: http://www.codeplex.com/entlib

hth

Answer 2

The RsaProtectedConfigurationProvider uses the machine account or the user account to encrypt the keys and save them in a file which called "key container", which usually saved in C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA. And the ASP.NET worker process identity (ASPNET user in XP/2000 or Network Service in case of 2003) should have access to these files to be able to decrypt it or you would get this error message.

Please check this link for more information

http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx

Answer 3

Encrpyting is very case sensitive as mahdi said. I have used in my pc and taken it to the sever I had a problem the problem was from the RSA machine key containers that are stored in my PC folder OR directory. and If you want to know where the correction may be started before making any change, Just start from

\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.

For info, kindly reffer to this link which might be a helpful....

http://msdn.microsoft.com/en-us/library/ms998283.aspx

Answer 4

Be careful that the name of the element to encrypt is case sensitive. So you should use "connectionStrings" not "connectionstrings" or "ConnectionStrings".

Answer 5

This is another way to encrypt and decrypt coonection string check it if you are using vs2010 then open vs2010 with run as administrator

string provider = "RSAProtectedConfigurationProvider";

string section = "connectionStrings"; 

protected void btnEncrypt_Click(object sender, EventArgs e) 

{

   Configuration confg =
   WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

   ConfigurationSection configSect = confg.GetSection(section);

   if (configSect != null)

   {
      configSect.SectionInformation.ProtectSection(provider);
      confg.Save();

   }

}
protected void btnDecrypt_Click(object sender, EventArgs e)
{
    Configuration config =
        WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
    ConfigurationSection configSect = config.GetSection(section);
    if (configSect.SectionInformation.IsProtected)
    {
        configSect.SectionInformation.UnprotectSection();
        config.Save();
    }
}

Answer 6

I followed the approach listed below when I had Bad Data error while manual decryption.

1. Add Remove and Clear tags in configProtectedData.
2. Verify –pri was used while exporting key
3. Also ensure that keyContainerName is same as the one used for regstering

keyContainerName="MyKeys"

CONFIG

<configProtectedData>
  <providers>

    <clear/>

<remove name="RSAProtectedConfigurationProvider" />

     <add name="RSAProtectedConfigurationProvider" keyContainerName="MyKeys" 
    type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,&#xD;&#xA;                
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,&#xD;&#xA; processorArchitecture=MSIL"
          useMachineContainer="true" />

  </providers>
</configProtectedData>

REFERENCE

1. ConnectionString Encryption
2. Where is RAS Key...