Re: Error with Encrypting identity section of web.config

You cannot encrypt the identity section using ProtectedConfiguration...

This settings has to be read by the ISAPI extension before it calls into the HttpRuntime. Thats too early for protected configuration

for these special section there's a tools called aspnet_setreg

http://support.microsoft.com/kb/329290


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I am deploying a asp.net 2.0 web app to a server farm and have
followed the

instructions from

http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToEncryptConfig
urationSectionsUsingRsaInAspNet20?diff=y

and

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag
2/html/PAGHT000006.asp

and specifically the section of those pages that involves deploying
the

encryption in a webfarm environment. Those pages talk about
encrypting the

ConnectionStrings section, but not the identity section. After
hunting

around I found that the command I needed to encrypt only that section
is

aspnet_regiis -pe "system.web/identity" -app "/WebFarmRSA" -prov

"CustomProvider". This successfully encrypts the web.config, but now
when I

browse to the site I get the following error:

================================================

Server Error in '/' Application.

----------------------------------------------------------------------
----------

Configuration Error Description: An error occurred during the
processing of a configuration file required to service this request.
Please review the specific error details below and modify your
configuration file appropriately.

Parser Error Message: Unrecognized element.

Source Error:

Line 107: </CipherData>
Line 108: </EncryptedData>
Line 109: </identity>
Line 110: !-- AUTHORIZATION
Line 111: This section sets the authorization policies of the
application. You can allow or deny access
=====================================================

So I am wondering if there is a specific problem since the identity
section is a subsection of system.web, or where exactly the problem is
on this. This is all on a Windows Server 2003 SP1 64Bit box running
Framework ASP.NET Version:2.0.50727.42. Any help would be most
appreciated!!

Thanks,

Lane



.

Relevant Pages

  • Re: Cryptography.
    ... I want to actually encrypt the whole configuration file during set up. ... > equivalent DPAPI functionality built into the framework. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Encryption algorithm
    ... Trailing spaces SHOULD not be a problem and they SHOULDN'T encrypt to the ... > it to encrypt a password in a configuration file, ... >> Presumably you want the encryption as a COBOL Subroutine? ... >> exit program. ...
    (comp.lang.cobol)
  • Re: Encryption algorithm
    ... it to encrypt a password in a configuration file, ... > [You can set this key to be any character string you like. ... > exit program. ...
    (comp.lang.cobol)
  • RE: Config file to turn on/off features ?
    ... encrypt the key/value pairs to prevent tampering. ... > want your users enabling features by editing the file in notepad. ... > in this configuration file using cryptography. ...
    (microsoft.public.dotnet.framework)
  • RE: Outlook 2003 Encrypt Message Using Wrong Certificate
    ... messages with my key and not the public key/digital ID of the recipient. ... as that is what is used to encrypt the message. ... They will then use their private key to decrypt the message as thats the only ...
    (microsoft.public.outlook.general)