0 votes
825 views
in Technique by (71.8m points)

vb.net - App.config connection string Protection error

I am running into an issue I had before; can't find my reference on how to solve it.

Here is the issue. We encrypt the connection strings section in the app.config for our client application using code below:

        config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        If config.ConnectionStrings.SectionInformation.IsProtected = False Then
            config.ConnectionStrings.SectionInformation.ProtectSection(Nothing)

            ' We must save the changes to the configuration file.'
            config.Save(ConfigurationSaveMode.Modified, True)
        End If

The issue is we had a salesperson leave. The old laptop is going to a new salesperson and under the new user's login, when it tries to do this we get an error. The error is:

Unhandled Exception: System.Configuration.ConfigurationErrorsException: 
An error occurred executing the configuration section handler for connectionStrings. ---> System.Configuration.ConfigurationErrorsException: Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. 
Error message from the provider: Object already exists.
---> System.Security.Cryptography.CryptographicException: Object already exists

1 Reply

0 votes
by (71.8m points)

http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx#1657603

copy and paste :D

Monday, February 12, 2007 12:15 AM by Naica

re: Encrypting configuration files using protected configuration

Here is a list of all steps I've done to encrypt two sections on my PC and then deploy it to the WebServer. Maybe it will help someone...:

  1. To create a machine-level RSA key container

    aspnet_regiis -pc "DataProtectionConfigurationProviderKeys" -exp
    
  2. Add this to web.config before connectionStrings section:

    <configProtectedData>
      <providers>
        <clear />
        <add name="DataProtectionConfigurationProvider"
             type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
             keyContainerName="DataProtectionConfigurationProviderKeys"
             useMachineContainer="true" />
      </providers>
    </configProtectedData>
    

    Do not miss the <clear /> from above! Important when playing with encrypting/decrypting many times

  3. Check to have this at the top of Web.Config file. If missing add it:

    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    
  4. Save and close Web.Config file in VS (very important!)

  5. In Command Prompt (my local PC) window go to:

    C:\WINNT\Microsoft.NET\Framework\v2.0.50727

  6. Encrypt: (Be aware to change the physical path for your app, or use the -app option and give the name of the virtual directory for the app! Because I used VS on my PC I preferred the below option. The path is the path to the Web.config file)

    aspnet_regiis -pef "connectionStrings" "c:\Bla\Bla\Bla" -prov "DataProtectionConfigurationProvider"

    aspnet_regiis -pef "system.web/membership" "c:\Bla\Bla\Bla" -prov "DataProtectionConfigurationProvider"

  7. To Decrypt (if needed only!):

    aspnet_regiis -pdf "connectionStrings" "c:\Bla\Bla\Bla"

    aspnet_regiis -pdf "system.web/membership" "c:\Bla\Bla\Bla"
    
  8. Delete Keys Container (if needed only!)

    aspnet_regiis -pz "DataProtectionConfigurationProviderKeys"
    
  9. Save the above key to xml file in order to export it from your local PC to the WebServer (UAT or Production)

    aspnet_regiis -px "DataProtectionConfigurationProviderKeys" \temp\mykeyfile.xml -pri
    
  10. Import the key container on WebServer servers:

    aspnet_regiis -pi "DataProtectionConfigurationProviderKeys" \temp\mykeyfile.xml
    
  11. Grant access to the key on the web server

    aspnet_regiis -pa "DataProtectionConfigurationProviderKeys" "DOMAIN\User"
    

    See in IIS the ASP.NET user or use:

    Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
    
  12. Remove Grant access to the key on the web server (Only if required!)

    aspnet_regiis -pr "DataProtectionConfigurationProviderKeys" "Domain\User"
    
  13. Copy and Paste to WebServer the encrypted Web.config file.
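
Steps 9 to 11 of the list above, scripted in PowerShell so that the exported key file (which contains the private key because of `-pri`) is restricted to the exporting user and deleted once it has been imported. This is an added example, not part of the quoted comment or the original question; the parameter names, the `icacls` lockdown and the cleanup are assumptions layered on the `aspnet_regiis` commands shown above.

```powershell
# Added example, not from the original post. Parameter names and the KeyFile location
# are assumptions; run elevated. Modes map to steps 9, 10 and 11 of the list above.
param(
    [Parameter(Mandatory)][ValidateSet('Export', 'Import', 'Grant')][string]$Mode,
    [string]$Container = 'DataProtectionConfigurationProviderKeys',
    [string]$KeyFile,    # XML key file (Export/Import); keep it off shared or synced folders
    [string]$Account     # DOMAIN\User that must read the key (Import/Grant)
)
$ErrorActionPreference = 'Stop'
$regiis = Join-Path $env:WINDIR 'Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe'

function Invoke-Regiis([string[]]$ArgList) {
    & $regiis $ArgList | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis $($ArgList -join ' ') exited with $LASTEXITCODE" }
}
function Assert-Param([string]$Name, [string]$Value) {
    if ([string]::IsNullOrEmpty($Value)) { throw "-$Name is required for mode $Mode" }
}

switch ($Mode) {
    'Export' {
        Assert-Param KeyFile $KeyFile
        Invoke-Regiis @('-px', $Container, $KeyFile, '-pri')   # step 9: file includes the private key
        # The XML stores the RSA private key unencrypted: drop inherited ACEs, current user only.
        & icacls.exe $KeyFile /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):F" | Out-Host
        if ($LASTEXITCODE -ne 0) { throw "icacls failed on $KeyFile" }
    }
    'Import' {
        Assert-Param KeyFile $KeyFile; Assert-Param Account $Account
        try {
            Invoke-Regiis @('-pi', $Container, $KeyFile)       # step 10: no -exp, so not re-exportable here
            Invoke-Regiis @('-pa', $Container, $Account)       # step 11: read access for the app identity
        } finally {
            # Do not leave the private key on disk, whether or not the import succeeded.
            if (Test-Path -LiteralPath $KeyFile) { Remove-Item -LiteralPath $KeyFile -Force }
        }
    }
    'Grant' {
        Assert-Param Account $Account
        Invoke-Regiis @('-pa', $Container, $Account)           # step 11 alone, for a new user of an existing key
    }
}
```

The question's `ProtectSection(Nothing)` call uses the default `RsaProtectedConfigurationProvider`, whose entry in machine.config names the container `NetFrameworkConfigurationKey`; pass that as `-Container` with `-Mode Grant` when the account needing access is a new user of that key.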

