How to encrypt sections of app.config file during installation using WiX?

I found an example for web.config encryption during installation here, but my application is a Windows service. The aspnet_regiis method works only for web.config files.

I know how to programmatically encrypt a configuration file, but I don’t think I can do this using WiX. Am I mistaken? Any ideas?

+7
installer wix app-config dtf
2 answers

You should be able to do this as part of a custom action. The catch I discovered is that loading the assembly for ExeConfigurationFileMap will throw an exception, but you can handle this by adding the AssemblyResolve handler to the AppDomain. This is a kind of hack from the rich-client application that I wrote to encrypt / decrypt secure configuration sections using a machine encryption key. This is probably not the most beautiful code, but I hope you can get it. This code assumes that you have the ProtectionProvider that you want to use, defined in the configuration file.

    // Class-level field
    static System.Reflection.Assembly DefiningAssembly;

    // At start-up: answer assembly-resolve requests with DefiningAssembly
    AppDomain currentDomain = AppDomain.CurrentDomain;
    currentDomain.AssemblyResolve += new ResolveEventHandler(MyResolveEventHandler);

    static System.Reflection.Assembly MyResolveEventHandler(object sender, ResolveEventArgs args)
    {
        return DefiningAssembly;
    }

Then you can load your configuration as follows:

    // Requires: using System.Collections.Generic; using System.Configuration;
    // (add a reference to System.Configuration.dll)
    DefiningAssembly = System.Reflection.Assembly.LoadFrom("path to defining assembly for config");

    // Set the Configuration using an ExeConfigurationFileMap - this works for any .config file.
    ExeConfigurationFileMap CfgMap = new ExeConfigurationFileMap();
    CfgMap.ExeConfigFilename = "path to config file";
    Configuration config = ConfigurationManager.OpenMappedExeConfiguration(CfgMap, ConfigurationUserLevel.None);

    // Collect the names of the types exported by the defining assembly
    List<string> DefiningAssemblyTypes = new List<string>();
    foreach (System.Type type in DefiningAssembly.GetExportedTypes())
    {
        DefiningAssemblyTypes.Add(type.Name);
    }

    // Find the first section whose type comes from the defining assembly
    ConfigurationSection section = null;
    foreach (ConfigurationSection tempSection in config.Sections)
    {
        if (DefiningAssemblyTypes.Contains(tempSection.ElementInformation.Type.Name))
        {
            section = tempSection;
            break;
        }
    }

    // Protect the section with the provider named in the configuration file, then save
    string ProtectionProviderName = section.SectionInformation.ProtectionProvider.Name;
    section.SectionInformation.ProtectSection(ProtectionProviderName);
    config.Save(ConfigurationSaveMode.Minimal, true);

Hope this helps you, good luck.

+3

Here is what I ended up with ...

I used WiX and DTF to create custom Action managed code to encrypt this section of the configuration file:

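    using System;
    using System.Configuration;
    using Microsoft.Deployment.WindowsInstaller;

    [CustomAction]
    public static ActionResult EncryptConfig(Session session)
    {
        try
        {
            // Installer properties carrying the config file path and the section name
            var configPath = session["APPCONFIGPATH"];
            var sectionToEncrypt = session["SECTIONTOENCRYPT"];

            var fileMap = new ExeConfigurationFileMap();
            fileMap.ExeConfigFilename = configPath;
            var configuration = ConfigurationManager.OpenMappedExeConfiguration(fileMap, ConfigurationUserLevel.None);

            ConfigurationSection section = configuration.GetSection(sectionToEncrypt);
            if (!section.SectionInformation.IsProtected)
            {
                section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
                section.SectionInformation.ForceSave = true;
                configuration.Save(ConfigurationSaveMode.Modified);
            }
            return ActionResult.Success;
        }
        catch (Exception ex)
        {
            // Report the failure in the MSI log and fail the action
            session.Log("EncryptConfig failed: {0}", ex);
            return ActionResult.Failure;
        }
    }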

Part of my lack of understanding that caused this question was not knowing that you can safely create custom actions in managed code using DTF. Documentation is allowed in DTF, but once you get it, it's great.

I found that this only works if I scheduled the custom action after InstallFinalize.

Here is the WiX configuration for this to happen:

    <InstallExecuteSequence>
      <Custom Action="EncryptConfigurationFiles" After="InstallFinalize" />
    </InstallExecuteSequence>

    <Fragment>
      <Binary Id="YourProject.CustomActions.dll"
              SourceFile="$(var.YourProject.CustomActions.TargetDir)$(var.YourProject.CustomActions.TargetName).CA.dll" />
      <CustomAction Id="EncryptConfigurationFiles"
                    BinaryKey="YourProject.CustomActions.dll"
                    DllEntry="EncryptConfig"
                    Return="check" />
    </Fragment>

These blogs / sites helped me get there, and most of the code above was derived from them:

http://geekswithblogs.net/afeng/Default.aspx
http://blog.torresdal.net/2008/10/24/WiXAndDTFUsingACustomActionToListAvailableWebSitesOnIIS.aspx
http://blogs.msdn.com/jasongin/archive/2008/07/09/votive-project-platform-configurations.aspx

@PITADeveloper ... Thanks for the answer. I found that I did not need to download the assembly to encrypt the configuration file.

If you use this, you should use try/catch and return an ActionResult... The above is pseudocode.

Finally, I am using DataProtectionConfigurationProvider. For the RSA provider, I think there are a few more hoops to jump through.

Hope this helps someone!

+3
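An added example, not part of either answer: a small console check that applies the same ProtectSection call to a throwaway config file and verifies that the plaintext is gone from disk while the value stays readable through the configuration API. The class name, key name and file contents are constructed; it assumes Windows, .NET Framework and a reference to System.Configuration.dll.

```csharp
using System;
using System.Configuration;
using System.IO;

static class ProtectSectionCheck
{
    // Constructed sample input: a config file with one plaintext secret.
    const string Secret = "constructed-sample-secret";
    const string SampleConfig =
        "<?xml version=\"1.0\"?><configuration><appSettings>" +
        "<add key=\"ApiSecret\" value=\"" + Secret + "\" /></appSettings></configuration>";

    static Configuration Open(string path)
    {
        var map = new ExeConfigurationFileMap { ExeConfigFilename = path };
        return ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
    }

    static int Main()
    {
        string path = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString("N") + ".config");
        File.WriteAllText(path, SampleConfig);
        try
        {
            // Same calls as the custom action in the answer above.
            Configuration config = Open(path);
            ConfigurationSection section = config.GetSection("appSettings");
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);

            // On disk: the secret must be gone and the section marked as protected.
            string onDisk = File.ReadAllText(path);
            bool plaintextGone = !onDisk.Contains(Secret)
                && onDisk.Contains("configProtectionProvider");

            // A fresh read through the configuration API decrypts transparently.
            Configuration reopened = Open(path);
            bool isProtected = reopened.GetSection("appSettings").SectionInformation.IsProtected;
            bool readable = reopened.AppSettings.Settings["ApiSecret"].Value == Secret;

            Console.WriteLine("plaintext removed: {0}, IsProtected: {1}, readable: {2}",
                plaintextGone, isProtected, readable);
            return plaintextGone && isProtected && readable ? 0 : 1;
        }
        finally { File.Delete(path); }
    }
}
```

With the provider's default machine-level DPAPI setting, the protected section decrypts only on the machine where ProtectSection ran, which is why the encryption is done at install time on the target machine rather than at build time.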