App.config Connection String Protection Error

I ran into a problem that I have had before, and I cannot find my link on how to solve it.

Here is the problem. We encrypt the connection string section in app.config for our client application using the following code:

    config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
    If config.ConnectionStrings.SectionInformation.IsProtected = False Then
        config.ConnectionStrings.SectionInformation.ProtectSection(Nothing)
        ' We must save the changes to the configuration file.
        config.Save(ConfigurationSaveMode.Modified, True)
    End If

The problem is that we left the seller. The old laptop goes to the new seller, and under the new username, when he tries to do this, we get an error. The error:

    Unhandled Exception: System.Configuration.ConfigurationErrorsException: An error occurred executing the configuration section handler for connectionStrings.
     ---> System.Configuration.ConfigurationErrorsException: Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists.
     ---> System.Security.Cryptography.CryptographicException: Object already exists
+2
cryptography app-config
4 answers

I found a more elegant solution than the one in my original answer to myself. I found that if I just logged in as the user who officially installed the application and caused the connection strings in the configuration file to be encrypted, went to the .NET Framework directory at the command prompt and ran

 aspnet_regiis -pa "NetFrameworkConfigurationKey" "{domain}\{user}" 

it granted another user permission to access the RSA encryption key container, and then it works for other users.

I just wanted to add it here, because I thought I wrote this problem up on our dev blog, but found it here, so if I need to find it again, it will be here. A link to our blog will be added in this thread.

+1
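A read-only check for the condition this answer fixes, as an added example that is not part of the original post: it tries to open the machine-level RSA container named in the command above as the current user and lists who is on the key file's ACL. The function name `Test-ConfigKeyAccess` is hypothetical, and the `MachineKeys` location under `%ProgramData%` assumes Windows Vista or later with Windows PowerShell 5.1.

```powershell
# Added example: run it as the user who gets "Object already exists".
# It only opens an existing key and reads its ACL; nothing is created or changed.
function Test-ConfigKeyAccess {
    param(
        # Container name taken from the aspnet_regiis -pa command in the answer above.
        [string]$ContainerName = 'NetFrameworkConfigurationKey'
    )

    $flags = [System.Security.Cryptography.CspProviderFlags]
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $ContainerName
    # UseMachineKeyStore: look in the machine store, not the user profile.
    # UseExistingKey: fail rather than create a new container when it cannot be opened.
    $csp.Flags = $flags::UseMachineKeyStore -bor $flags::UseExistingKey

    $result = [ordered]@{
        User      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        Container = $ContainerName
        CanOpen   = $false
        KeyFile   = $null
        Acl       = $null
        Detail    = $null
    }

    try {
        # A named container is opened in the constructor, so an access problem surfaces here.
        $rsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new($csp)
        $result.CanOpen = $true
        # Assumed location of machine key files (Vista and later).
        $result.KeyFile = Join-Path $env:ProgramData `
            ('Microsoft\Crypto\RSA\MachineKeys\' + $rsa.CspKeyContainerInfo.UniqueKeyContainerName)
        $rsa.Clear()   # releases the handle; a named container is persisted, not deleted
        $result.Acl = (Get-Acl -LiteralPath $result.KeyFile -ErrorAction Stop).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
    catch {
        # Typically "Keyset does not exist" or "Access is denied" for a user without rights.
        $result.Detail = $_.Exception.GetBaseException().Message
    }
    [pscustomobject]$result
}

Test-ConfigKeyAccess | Format-List
```

If `CanOpen` is `False` for the new user but `True` for the account that first ran the application, the container exists and only the ACL is missing, which is the case the `-pa` command addresses.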

So, I really got it working.

  • deleted the old user account from the laptop.
  • reset app.config so that the section is not protected.
  • removed the key file from all keys of user machines
  • executed the application and allowed it to protect the section

But all this meant that it was working for this user.

NOW I need to know what I need to do to change the code to protect the section so that several users on the PC can use the application. Virtual computer, here I come (well, after vacation at WDW tomorrow next Wednesday)!

Any tips that will help point me in the right direction would be appreciated, as I am not very well versed in this type of RSA encryption.

+1

http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx#1657603

copy and paste :D

Monday, February 12, 2007 12:15 by Naica

re: Encrypting configuration files using secure configuration

Here is a list of all the steps I took to encrypt two sections on my PC and then deploy to WebServer. Maybe this will help someone ...:

  • To create a machine-level RSA key container

     aspnet_regiis -pc "DataProtectionConfigurationProviderKeys" -exp 
  • Add this to web.config before the connectionStrings section:

      <add name="DataProtectionConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" keyContainerName="DataProtectionConfigurationProviderKeys" useMachineContainer="true" /> 

    Do not miss <clear /> on top! Important when you play with encrypting / decrypting many times

  • Check that this is at the top of the Web.Config file. If missing, add it:

     <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> 
  • Save and close the Web.Config file in VS (very important!)

  • In the command prompt window (my local PC), go to:

    C:\WINNT\Microsoft.NET\Framework\v2.0.50727

  • Encryption: (Remember to change the physical path for your application or use the -app parameter and specify the name of the virtual directory for the application! Since I used VS on my PC, I preferred the following option: path to the Web.config file)

    aspnet_regiis -pef "connectionStrings" "c:\Bla\Bla\Bla" -prov "DataProtectionConfigurationProvider"

    aspnet_regiis -pef "system.web/membership" "c:\Bla\Bla\Bla" -prov "DataProtectionConfigurationProvider"

  • To decrypt (only if necessary!):

     aspnet_regiis -pdf "connectionStrings" "c:\Bla\Bla\Bla"
     aspnet_regiis -pdf "system.web/membership" "c:\Bla\Bla\Bla"
  • Delete the key container (only if necessary!)

     aspnet_regiis -pz "DataProtectionConfigurationProviderKeys" 
  • Save the specified key in the xml file to export it from the local PC to WebServer (UAT or Production).

     aspnet_regiis -px "DataProtectionConfigurationProviderKeys" \temp\mykeyfile.xml -pri 
  • Import key container on WebServer servers:

     aspnet_regiis -pi "DataProtectionConfigurationProviderKeys" \temp\mykeyfile.xml 
  • Provide access to the key on the web server

     aspnet_regiis -pa "DataProtectionConfigurationProviderKeys" "DOMAIN\User" 

    See the IIS ASP.NET user or use:

     Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
  • Remove key access on the web server (only if necessary!)

     aspnet_regiis -pr "DataProtectionConfigurationProviderKeys" "Domain\User" 
  • Copy and paste the encrypted Web.config file into WebServer.

+1

Sounds like a permission issue. Does the (new) user have write permissions to the app.config file? Was the previous user a local administrator or an authorized user who could have masked this problem?

0