Last post Mar 15, 2019 11:41 AM by AddWeb Solution
Mar 05, 2019 10:03 PM|asplearning|LINK
Hello everyone, I have this requirement and here is the structure of my folder
So in each web.config, I have authorization rule for different roles:
<allow roles="Managers" />
and for employee
<allow roles="Employees" />
Now I want to encrypt both web.config files so it's hard for someone to modify the authorization section. My problem is when I encrypted it on development PC using this method
and published it to the hosting server, the hosting server was not able to decrypt both the files. I understand that this is because both machines have different keys. Is there a way I can make it work on both machines? I read about storing RSA keys but
not sure if it's worth it since it's quite a process. I tried to specify machine key in the web.config. But still doesn't work.
One more option for me is to encrypt the web.config files on my hosting server and remember to replace them in the hosting server after publishing my site.
Is there a better to handle this?
Thanks for your input.
Mar 06, 2019 02:57 AM|Ackerly Xu|LINK
Rsa will look for C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys by default, are you sure you have admin permission in your server?
You could also customize your provider to use user level key
Mar 15, 2019 11:41 AM|AddWeb Solution|LINK
Have a look at This Article it has some very useful examples. You're basically looking for
System.Configuration.SectionInformation.ProtectSection to help you out here.
Also have a peek at Implementing Protected Configuration