Last post May 20, 2016 02:12 PM by bigbadbuff
May 19, 2016 03:25 PM|bigbadbuff
OS: Server 2008 R2 Enterprise
.NET Framework versions installed: 1.0.3705, 1.1.4322, 2.0.50727, 4.0.30319
I have been asked to encrypt connectionStrings and a few other sections of the web.config files on our web servers. My goal is to create a custom RSA Key Container, get it working successfully on one server, export it to an .XML file, and import/use to encrypt on other similar web servers.
After doing a lot of reading, mostly from https://msdn.microsoft.com/en-us/library/2w117ede(v=vs.100).aspx it seems like a pretty basic process, but I keep getting an error I cannot defeat. Here's what I have done so far successfully:
1) Changed to the \WINDOWS\Microsoft.Net\Framework\v2.0.50727 directory and successfully ran aspnet_regiis -pc "MyKeys" -exp to create the key pair and make it exportable.
2) Granted the 'Network Service' account read access to the key (from what I am reading/seeing, the ASP.Net service uses 'Network Service' as its logon so this should be the only account I need to grant this right to) aspnet_regiis -pa "MyKeys" "NT
3) Confirmed I had a connectionStrings section already present in web.config, and then created a <configureProtectedData> section like shown below. NOTE that apparently older versions of the article left a space out of the 'Version=184.108.40.206' section, so those copying/pasting had a problem. I DID leave mine as shown below, as 220.127.116.11
4) I made sure the change didn't break anything in the config file, then went to encrypt the connectionStrings section using the following command (using -pef instead of -pe since I am calling out a file path and not an app/site) aspnet_regiis -pe "connectionStrings" E:\FilePath -prov "MyProvider"
5) I consistently get the following error: 'the given assembly name or codebase was invalid. <Exception from HRESULT: 0x80131047>'
I am brand new to this, for all I know there are logs I can reference that easily explain the problem. I can't seem to find them if that's the case.
For reference, I also tried this via the newest version of .NET/ASP I have installed (going through the same steps above, just a different directory to run ASPNET). Pretty stuck, any help appreciated!
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=18.104.22.168,
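Added example, not part of the original post: HRESULT 0x80131047 is the error the .NET assembly-name parser raises, so one way to narrow it down is to run each provider's type attribute under configProtectedData through System.Reflection.AssemblyName. The function name and the sample XML are constructed for illustration; the Version and PublicKeyToken in the sample are the .NET 2.0 identity of System.Configuration, and the config file is assumed to have no default XML namespace.

```powershell
# Added example (hypothetical helper, not from the thread). Reports whether the
# assembly part of each provider's type attribute parses as a .NET display name.
function Test-ProtectedProviderType {
    param([Parameter(Mandatory=$true)][xml]$Config)

    # Assumes <configuration> carries no xmlns attribute.
    foreach ($p in $Config.SelectNodes('/configuration/configProtectedData/providers/add')) {
        # Expected form: "Namespace.Type, AssemblyName, Version=..., Culture=..., PublicKeyToken=..."
        $typeName, $asmName = $p.GetAttribute('type') -split ',', 2
        $result = New-Object PSObject -Property @{
            Provider  = $p.GetAttribute('name')
            Container = $p.GetAttribute('keyContainerName')
            Parses    = $false
            Detail    = ''
        }
        if (-not $asmName -or -not $asmName.Trim()) {
            $result.Detail = 'type attribute has no assembly name after the type name'
        } else {
            try {
                # The AssemblyName constructor rejects a malformed display name.
                $an = New-Object System.Reflection.AssemblyName($asmName.Trim())
                $result.Parses = $true
                $result.Detail = $an.FullName
            } catch {
                # Unwrap PowerShell's wrapper to show the parser's own message.
                $result.Detail = $_.Exception.GetBaseException().Message
            }
        }
        $result
    }
}

# Constructed sample; provider and container names are the ones used in the thread.
[xml]$sample = @'
<configuration>
  <configProtectedData>
    <providers>
      <add name="MyProvider" keyContainerName="MyKeys" useMachineContainer="true"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </configProtectedData>
</configuration>
'@
Test-ProtectedProviderType -Config $sample | Format-List
# Against a real file: Test-ProtectedProviderType -Config ([xml](Get-Content 'E:\FilePath\web.config'))
```

A type string that parses here can still name a version that is not installed, which fails later with a different error.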
May 20, 2016 06:36 AM|Chris Zhao
aspnet_regiis -pef "connectionStrings" "E:\FilePath" -prov "MyProvider"
I tested on my side and it works well. The web.config is under the t folder, so I use
aspnet_regiis -pef "connectionStrings" "D:\t" -prov "MyProvider"
May 20, 2016 02:12 PM|bigbadbuff
That looks like what I tried, the only difference I see is the key container name. I used a custom name, not 'My Provider', which I can't imagine matters. I will give it another try and report back.
Thank you very much for the assistance by the way!!