encrypting web.config failed error

后端 未结 9 1125
囚心锁ツ
囚心锁ツ 2021-02-18 13:18

I know that ppl have already asked questions regarding encrypting web.config.

im also trying to encrypt my test config file, but im getting this error.

aspnet_re

相关标签:
9条回答
  • 2021-02-18 13:34

    I got an "illegal characters in path" error that went away when I removed the double quotes that surrounded my path name. Doesn't make any sense, but there you are.

    I also wrote a PowerShell script to do the encrypt/decrypt without dealing with aspnet_regiis : https://github.com/mhenry1384/EncryptDecryptConfig

    0 讨论(0)
  • 2021-02-18 13:37

    for the command "aspnet_regiis -pef" the path of configuration file is the physical path (Not virtual) and also it is the path of directory/folder where web.config resides. So one should not include the name of file in path e.g.

    if your web.config path is at D:\MyConfiguration\web.config then while encrypting/decrypting you will use it as follow:

    encrypt:

    aspnet_regiis -pef [sectionName] "D:\MyConfiguration"

    decrypt:

    aspnet_regiis -pdf [sectionName] "D:\MyConfiguration"

    0 讨论(0)
  • 2021-02-18 13:37

    I was experiencing the same problem and here's what worked for me:

    1. add the aspnet_regiis tool's folder path to your %PATH% variable. This ensures that the tool is accessable from any folder in your command line. See this page for a brief explanation of how to add %PATH% variables: http://geekswithblogs.net/renso/archive/2009/10/21/how-to-set-the-windows-path-in-windows-7.aspx
    2. navigate to your web root folder (don't know if this is necessary but that's where I was navigated when I executed the command)
    3. execute the command with the -pe argument and the -app argument like such:

      aspnet_regiis -pe {section to encrypt} -app "{path from root folder to app, like: "/myappname", use quotes}

    0 讨论(0)
  • 2021-02-18 13:39

    Encrypt/Decrypt web.config

    • source is taken from this link https://mywebanecdotes.com/2016/09/17/encrypting-credentials-in-app-config-for-multiple-machines/
    • Firstly, if you have App.config, you need to rename to Web.config. And when done rename it back. This is because aspnet_regiis.exe recognize only Web.config file.
    • Then create a custom attribute SecuredSettings(any name is fine) either in you App.config or Web.config file.
    <configuration>
    <configSections>
       <section name="SecuredSettings" type="System.Configuration.NameValueSectionHandler" />
     </configSections>
     <SecuredSettings>
          <add key="pwrd" value="password" />
     </SecuredSettings>
     <configProtectedData>
       <providers>
         <add keyContainerName="MyCustomKeys"
                  useMachineContainer="true"
                  name="MyEncryptionProvider"
                  type="System.Configuration.RsaProtectedConfigurationProvider"/>
       </providers>
     </configProtectedData>
    
    </configuration>
    
    • In C# you can retrieve these values as you would do it normally. eg:
    var attr = ConfigurationManager.GetSection("SecuredSettings") as NameValueCollection;
    var value = attr["pwrd"];
    
    • The rest is ecrypting or decrypting
    • Run cmd As Administrator , and locate to C:\Windows\Microsoft.NET\Framework\v4.0.30319
    • "Create a public/private RSA key pair with a specfic container name. They should also be marked as exportable (otherwise what is the point!)"
    • aspnet_regiis.exe -pc MyCustomKeys -exp
    • "Grant permissions for accounts to access the container"
    • aspnet_regiis.exe -pa MyCustomKeys "NT AUTHORITY\NETWORK SERVICE"
    • "The following line will now encrypt your section (the pwdr value). The -pef switch is telling the application to look for a web.config file and to use provider that is declared in the beginning (which is using type RsaProtectedConfigurationProvider)"
    • aspnet_regiis.exe -pef "SecuredSettings" "C:\DEV\ConsoleApp\DEX" -prov MyEncryptionProvider
    • Export those Keys to another machine (if needed)
    • aspnet_regiis.exe -px MyCustomKeys keys.xml -pri it will generate keys.xml file in C:\Windows\Microsoft.NET\Framework\v4.0.30319
    • copy this file and put it in another machine where you would like to use it, to the same location C:\Windows\Microsoft.NET\Framework\v4.0.30319, and run:
    • aspnet_regiis -pi MyCustomKeys keys.xml
    • after you can delete the file from both sides.
    • Don't forget to rename Web.config to App.config, if you did so at the beginning.
    • TO Decrypt the file:
    • aspnet_regiis.exe -pdf "SecuredSettings" "C:\DEV\ConsoleApp\DEX"
    0 讨论(0)
  • 2021-02-18 13:41

    You could try and use this tool to encrypt you web config

    0 讨论(0)
  • 2021-02-18 13:45

    The Sections are CASE SENSITIVE.

    Do not Add \ at the end of the path (no web.config needed).

    You don't need to do it straight on a site; instead, copy the file to any location.

    Encrypting:

    aspnet_regiis -pef "SECTIONTOENTRYPT" "d:\tempEnCrypt" -prov WhateverProviderYouAreUsing 
    

    Decrypting:

    aspnet_regiis -pdf "SECTIONTOENTRYPT" "d:\tempEncrypt"
    

    You can use this to encrypt an app.config as well, just rename the file for the encryption/decryption as web.config

    0 讨论(0)
提交回复
热议问题