Skip to main content

Encrypt Web.config in DNN or ASP.net web application


Granting Read Access to an RSA Encryption Key

Step 1:
Go to the appropriate framework directory for the ASP.NET files:cd C:\Windows\Microsoft.NET\Framework64\v4.0.30319


Step 2:
From here we can grant read access to an RSA encryption key by running this command:.\aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "IIS APPPOOL\MySite"


How to Identify the APP  Pool

"IIS APPPOOL\MySite" is the identity that my App Pool runs under. If you don't know what yours is, create an .aspx file in your website with the following content:
<%@ Page Language="C#" %> 
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>

Encrypting Sections of the Web.config File

At this point, we are ready to run the command that will actually encrypt the web.config. 
MAKE SURE THAT YOU HAVE A BACKUP OF ALL THE DATA STORED IN THE SECTION YOU ARE ABOUT THE ENCRYPT.
.\aspnet_regiis.exe -pe "connectionStrings" -app "/MySite"


If all went well, you should see
Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine. 

Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
Succeeded! 


but...
It Didn't Work!!!

If you setup your system like me, 
you may have encountered output containing a stupid error message like this one:Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
A configuration file cannot be created for the requested Configuration object.
Failed!



b471code3 from the ASP.NET forums hit the nail on the head with the answer:"I'm assuming you already checked this out but what I'd pay special attention to is the -site option. 

If the app's web.config you are trying to encrypt is not under the DefaultWebSite or you have deleted and recreated the DefaultWebSite, the -site option will need to be specified. 

For example, when IIS is installed, a Web site named "Default Web Site" is created as site 1. In pages served from that site, the INSTANCE_META_PATH server variable returns "/LM/W3SVC/1". If you do not specify a -site option, site 1 is used."



But how do we get the site's INSTANCE_META_PATH? (Important)

Scott Forsynth tells you how to get the INSTANCE_META_PATH on his blog. Just make another .aspx file in your site with the following content:<%@ Page Language="C#" %>
<%
foreach (string var in Request.ServerVariables)
{
Response.Write(var + " " + Request[var] + "<br>");
}
%>



That will dump all the server variables to the page, in which you will find something like this:INSTANCE_META_PATH /LM/W3SVC/3



The number on the end is the site ID (It also looks like the INSTANCE_ID variable has just the site ID, but I'm not 100% sure if that is reliable). Take that and incorporate it into the encryption command. This is what the correct command looks like:
.\aspnet_regiis.exe -pe "connectionStrings" -app "/" -site "3"



Note that I replace the application name with just a forward slash. If you do run an application inside your IIS site, you will need to include that. Personally, I don't normally do that, mainly to avoid issues withconfiguration inheritance.

And then you will have a super secret web.config section!
Labels:

Comments

Post a Comment

Thanks for the Comments , Your review will display soon

Popular posts from this blog

OLEDB jet 4.0 driver In Vista 64bit / he 'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine

Well i think you must be thankful for me specailly for this research i am really getting the solution after 6 month research that is how to enable the oledb jet 4.0 driver in vista, i read arround 100s of articles and maximum said that is not possible to enable it and ala bla well at the end i got the answer that is so easy Acctually that is correct that oledb jet 4.0 driver is not avaialble for 64 bit but if you run your IIS on 32 bit instead of 64 then Oledb jet will working fine Here are the steps Click on the Start > Program > Administrative Tool > IIS Management panel Select the Computer name Right click on the application pool and select properties Select "TRUE" in Enable 32 Bit Application by default it is false Then this problem will resolve if you need any assitance then feel free to email me rashidbilgrami@hotmail.com Regards Rashid Imran Bilgrami CEO Best visualization www.bestvisualization.com
3 comments
Read more

How to convert and crack windows server 2012 from Evaluation to Full

Dear All This is a way how you Convert Evalution to Full Step1: Open CMD and run following command DISM /online /Get-CurrentEdition <edition ID> is like ServerStandard with out Eval Step 2: DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula WINDOWS SERVER 2012 Serial Key Windows Server 2012 DataCenter: 48HP8-DN98B-MYWDG-T2DCC-8W83P Datacenter: Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW Standard: XC9B7-NBPP2-83J2H-RHMBY-92BT4 Standard R2: DBGBW-NPF86-BJVTX-K3WKJ-MTB6V Server Essentials: K2XGM-NMBT3-2R6Q8-WF2FK-P36R2 For Standard R2 here is a command For R2 its like that DISM /online /Set-Edition:ServerStandard /ProductKey:DBGBW-NPF86-BJVTX-K3WKJ-MTB6V /AcceptEula Regards
Post a Comment
Read more

SugarCRM Footer Logo Remove & SugerCRM violation Message Remove

Hi Reader, Let us discuss about how to remove the SugarCRM Footer logo.. You all are aware of the power of the SugarCRM Tool and also must be very eager to remove the footer in order to make it look more professional. So below mentioned are some tricks for removing the footer from SugarCRM Community edition. 1)  O pen-modules/Administration/ updater_utils.php Add-exit() ; in between   function check_now()   and   return . any where By doing this u can remove 'powered by sugar crm' footer logo. 2) Go to  modules/Trackers/Tracker.php, line 128, in the 'logPage' function. Drop the 'echo' statement. 3) Now to root(Sugarfolder)\include\mvc\view\sugarview.php and modify the line array(show header => true, show subpanel => true...........and so on) and make the changes to showfooter=>true to  showfooter=>false Now how you remove the violation  Go to include /utils/ mvc_utils.php and remove the line or code b...
10 comments
Read more