Re: Error with Encrypting identity section of web.config
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 27 Apr 2006 18:19:58 +0000 (UTC)
hey,
you are right - i somehow thought that identity is on that list too
from MSDN
You cannot use protected configuration to encrypt the configProtectedData section of a configuration file. You also cannot use protected configuration to encrypt the configuration sections that do not employ a section handler or sections that are part of the managed cryptography configuration. The following is a list of configuration sections that cannot be encrypted using protected configuration: processModel, runtime, mscorlib, startup, system.runtime.remoting, configProtectedData, satelliteassemblies, cryptographySettings, cryptoNameMapping, and cryptoClasses. It is recommended that you use other means of encrypting sensitive information, such as the ASP.NET Set Registry console application (Aspnet_setreg.exe) tool, to protect sensitive information in these configuration sections. For information on the ASP.NET Set Registry console application (Aspnet_setreg.exe), see article Q329290, "How to use the ASP.NET utility to encrypt credentials and session state connection strings," in the Microsoft Knowledge Base at the Microsoft support Web site.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Actually Dominick it does work just fine. The initial problem with the web.config file was a missing "<" character for a remark which was causing the error. I then ran into another error saying that it could not open the Custom Provider Container. I then ran the following command on both web servers to ensure that the NetworkService Account had the necessary ACLs on that custom provider container:
aspnet_regiis -pa "CustomKeys" "NT Authority\Network Service"
That fixed the issue and allows us to use the aspnet_regiis tool to provide RSA encryption of the identity section of the web.config.
Thanks though!!
Lane
"Dominick Baier [DevelopMentor]" wrote:
You cannot encrypt the identity section using ProtectedConfiguration...
This setting has to be read by the ISAPI extension before it calls into the HttpRuntime. That's too early for protected configuration.
For these special sections there's a tool called aspnet_setreg:
http://support.microsoft.com/kb/329290
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I am deploying an asp.net 2.0 web app to a server farm and have followed the instructions from
http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToEncryptConfigurationSectionsUsingRsaInAspNet20?diff=y
and
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000006.asp
and specifically the section of those pages that involves deploying the encryption in a webfarm environment. Those pages talk about encrypting the ConnectionStrings section, but not the identity section. After hunting around I found that the command I needed to encrypt only that section is
aspnet_regiis -pe "system.web/identity" -app "/WebFarmRSA" -prov "CustomProvider"
This successfully encrypts the web.config, but now when I browse to the site I get the following error:
================================================
Server Error in '/' Application.
--------------------------------------------------------------------------------
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Unrecognized element.
Source Error:
Line 107: </CipherData>
Line 108: </EncryptedData>
Line 109: </identity>
Line 110: !-- AUTHORIZATION
Line 111: This section sets the authorization policies of the application. You can allow or deny access
=====================================================
So I am wondering if there is a specific problem since the identity
section is a subsection of system.web, or where exactly the problem
is on this. This is all on a Windows Server 2003 SP1 64Bit box
running Framework ASP.NET Version:2.0.50727.42. Any help would be
most appreciated!!
Thanks,
Lane
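
A check for the two failure modes in this thread, as an added example that is not part of the original posts: it parses a web.config, flags comment delimiters left behind as text (the missing "<" Lane describes), and lists sections carrying configProtectionProvider, marking any that appear on the MSDN list quoted above. The function names and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Sections the MSDN text quoted in the thread lists as not encryptable.
NOT_ENCRYPTABLE = {
    "processModel", "runtime", "mscorlib", "startup", "system.runtime.remoting",
    "configProtectedData", "satelliteassemblies", "cryptographySettings",
    "cryptoNameMapping", "cryptoClasses",
}

# Constructed sample: a protected identity section followed by a remark whose
# opening "<" is missing, as in the thread. The cipher value is a placeholder.
SAMPLE = """<configuration>
  <system.web>
    <identity configProtectionProvider="CustomProvider">
      <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
        <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
      </EncryptedData>
    </identity>
    !-- AUTHORIZATION
      This section sets the authorization policies of the application. -->
    <authorization><allow users="*" /></authorization>
  </system.web>
</configuration>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def audit_web_config(text):
    """Return (kind, detail) findings for the web.config XML in `text`."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [("malformed-xml", "line %d, column %d" % exc.position)]
    findings = []
    def walk(elem, path):
        # The parser drops real comments, so comment delimiters that survive
        # as text mean a remark lost its "<!--" or was otherwise mangled.
        if any(c and ("!--" in c or "-->" in c) for c in (elem.text, elem.tail)):
            findings.append(("broken-comment", f"in or after {path}"))
        provider = elem.get("configProtectionProvider")
        if provider:
            listed = local(elem.tag) in NOT_ENCRYPTABLE
            kind = "not-encryptable" if listed else "protected"
            findings.append((kind, f"{path} uses {provider}"))
            return  # contents are ciphertext, nothing further to inspect
        for child in elem:
            walk(child, f"{path}/{local(child.tag)}")
    for section in root:
        walk(section, local(section.tag))
    return findings
```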