K
Keith G Hicks
I'm using asp.net 2.0
I've managed to convert some C# code I found so that it does encrytp the
connectionStrings section of my web.config file on my development machine.
My next step is to try it out on the site I have running on a *shared*
hosting plane.
The VB code below will create a MACHINE key, not a USER key. It's like doing
this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" instead of
this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" -prov
"MyUserRSAProtectedConfigurationProvider"
Imports System.Web.Configuration
Partial Class _Default
Inherits System.Web.UI.Page
'THis code ogiginally from here:
http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx
Protected Sub UnProtect_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button2.Click
Call UnProtectSection("connectionStrings")
End Sub
Protected Sub Protect_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button1.Click
Call ProtectSection("connectionStrings",
"RSAProtectedConfigurationProvider")
End Sub
Protected Sub ProtectSection(ByVal sectionName As String, ByVal provider
As String)
Dim config As Configuration =
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
Dim section As ConfigurationSection = config.GetSection(sectionName)
If Not section.Equals(System.DBNull.Value) And Not
section.SectionInformation.IsProtected Then
section.SectionInformation.ProtectSection(provider)
config.Save()
End If
End Sub
Protected Sub UnProtectSection(ByVal sectionName As String)
Dim config As Configuration =
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
Dim section As ConfigurationSection = config.GetSection(sectionName)
If Not section.Equals(System.DBNull.Value) And
section.SectionInformation.IsProtected Then
section.SectionInformation.UnprotectSection()
config.Save()
End If
End Sub
End Class
I have a few questions.
1. How can I modify the above code to do User key and do I need to do
anything additional to my web.config file to do that (also see question 3
below)?
2. Is one preferred over the other (machine or user) for shared hosting
situations?
3. This code was suggested (by this site:
http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToEncryptConfiguratio
nSectionsUsingRsaInAspNet20?diff=y) as an addition to the web.config in
order to do the user key but it does NOT work. I cannot figure out how to
modify it so that it does:
<configProtectedData>
<protectedData>
<providers>
<add keyContainerName="NetFrameworkConfigurationKey"
useMachineContainer="false"
description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="MyUserRSAProtectedConfigurationprovider"
type="System.Configuration.RsaProtectedConfigurationProvider,System.Configur
ation, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
/>
</providers>
</configProtectedData>
</protectedData>
4. I do not understand where the value for PublicKeyToken comes from. Coudl
someone either explain that clearly or point me to somewhere that does? All
the samples I've found relating to this don't bother to explain that at all.
Thanks,
Keith
I've managed to convert some C# code I found so that it does encrytp the
connectionStrings section of my web.config file on my development machine.
My next step is to try it out on the site I have running on a *shared*
hosting plane.
The VB code below will create a MACHINE key, not a USER key. It's like doing
this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" instead of
this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" -prov
"MyUserRSAProtectedConfigurationProvider"
Imports System.Web.Configuration
Partial Class _Default
Inherits System.Web.UI.Page
'THis code ogiginally from here:
http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx
Protected Sub UnProtect_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button2.Click
Call UnProtectSection("connectionStrings")
End Sub
Protected Sub Protect_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button1.Click
Call ProtectSection("connectionStrings",
"RSAProtectedConfigurationProvider")
End Sub
Protected Sub ProtectSection(ByVal sectionName As String, ByVal provider
As String)
Dim config As Configuration =
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
Dim section As ConfigurationSection = config.GetSection(sectionName)
If Not section.Equals(System.DBNull.Value) And Not
section.SectionInformation.IsProtected Then
section.SectionInformation.ProtectSection(provider)
config.Save()
End If
End Sub
Protected Sub UnProtectSection(ByVal sectionName As String)
Dim config As Configuration =
WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
Dim section As ConfigurationSection = config.GetSection(sectionName)
If Not section.Equals(System.DBNull.Value) And
section.SectionInformation.IsProtected Then
section.SectionInformation.UnprotectSection()
config.Save()
End If
End Sub
End Class
I have a few questions.
1. How can I modify the above code to do User key and do I need to do
anything additional to my web.config file to do that (also see question 3
below)?
2. Is one preferred over the other (machine or user) for shared hosting
situations?
3. This code was suggested (by this site:
http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToEncryptConfiguratio
nSectionsUsingRsaInAspNet20?diff=y) as an addition to the web.config in
order to do the user key but it does NOT work. I cannot figure out how to
modify it so that it does:
<configProtectedData>
<protectedData>
<providers>
<add keyContainerName="NetFrameworkConfigurationKey"
useMachineContainer="false"
description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="MyUserRSAProtectedConfigurationprovider"
type="System.Configuration.RsaProtectedConfigurationProvider,System.Configur
ation, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
/>
</providers>
</configProtectedData>
</protectedData>
4. I do not understand where the value for PublicKeyToken comes from. Coudl
someone either explain that clearly or point me to somewhere that does? All
the samples I've found relating to this don't bother to explain that at all.
Thanks,
Keith