Skip to main content

Encrypt Web.config in DNN or ASP.net web application


Granting Read Access to an RSA Encryption Key

Step 1:
Go to the appropriate framework directory for the ASP.NET files:cd C:\Windows\Microsoft.NET\Framework64\v4.0.30319


Step 2:
From here we can grant read access to an RSA encryption key by running this command:.\aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "IIS APPPOOL\MySite"


How to Identify the APP  Pool

"IIS APPPOOL\MySite" is the identity that my App Pool runs under. If you don't know what yours is, create an .aspx file in your website with the following content:
<%@ Page Language="C#" %> 
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>

Encrypting Sections of the Web.config File

At this point, we are ready to run the command that will actually encrypt the web.config. 
MAKE SURE THAT YOU HAVE A BACKUP OF ALL THE DATA STORED IN THE SECTION YOU ARE ABOUT THE ENCRYPT.
.\aspnet_regiis.exe -pe "connectionStrings" -app "/MySite"


If all went well, you should see
Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine. 

Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
Succeeded! 


but...
It Didn't Work!!!

If you setup your system like me, 
you may have encountered output containing a stupid error message like this one:Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
A configuration file cannot be created for the requested Configuration object.
Failed!



b471code3 from the ASP.NET forums hit the nail on the head with the answer:"I'm assuming you already checked this out but what I'd pay special attention to is the -site option. 

If the app's web.config you are trying to encrypt is not under the DefaultWebSite or you have deleted and recreated the DefaultWebSite, the -site option will need to be specified. 

For example, when IIS is installed, a Web site named "Default Web Site" is created as site 1. In pages served from that site, the INSTANCE_META_PATH server variable returns "/LM/W3SVC/1". If you do not specify a -site option, site 1 is used."



But how do we get the site's INSTANCE_META_PATH? (Important)

Scott Forsynth tells you how to get the INSTANCE_META_PATH on his blog. Just make another .aspx file in your site with the following content:<%@ Page Language="C#" %>
<%
foreach (string var in Request.ServerVariables)
{
Response.Write(var + " " + Request[var] + "<br>");
}
%>



That will dump all the server variables to the page, in which you will find something like this:INSTANCE_META_PATH /LM/W3SVC/3



The number on the end is the site ID (It also looks like the INSTANCE_ID variable has just the site ID, but I'm not 100% sure if that is reliable). Take that and incorporate it into the encryption command. This is what the correct command looks like:
.\aspnet_regiis.exe -pe "connectionStrings" -app "/" -site "3"



Note that I replace the application name with just a forward slash. If you do run an application inside your IIS site, you will need to include that. Personally, I don't normally do that, mainly to avoid issues withconfiguration inheritance.

And then you will have a super secret web.config section!
Labels:

Comments

Post a Comment

Thanks for the Comments , Your review will display soon

Popular posts from this blog

How to convert and crack windows server 2012 from Evaluation to Full

Dear All This is a way how you Convert Evalution to Full Step1: Open CMD and run following command DISM /online /Get-CurrentEdition <edition ID> is like ServerStandard with out Eval Step 2: DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula WINDOWS SERVER 2012 Serial Key Windows Server 2012 DataCenter: 48HP8-DN98B-MYWDG-T2DCC-8W83P Datacenter: Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW Standard: XC9B7-NBPP2-83J2H-RHMBY-92BT4 Standard R2: DBGBW-NPF86-BJVTX-K3WKJ-MTB6V Server Essentials: K2XGM-NMBT3-2R6Q8-WF2FK-P36R2 For Standard R2 here is a command For R2 its like that DISM /online /Set-Edition:ServerStandard /ProductKey:DBGBW-NPF86-BJVTX-K3WKJ-MTB6V /AcceptEula Regards
Post a Comment
Read more

SugarCRM Footer Logo Remove & SugerCRM violation Message Remove

Hi Reader, Let us discuss about how to remove the SugarCRM Footer logo.. You all are aware of the power of the SugarCRM Tool and also must be very eager to remove the footer in order to make it look more professional. So below mentioned are some tricks for removing the footer from SugarCRM Community edition. 1)  O pen-modules/Administration/ updater_utils.php Add-exit() ; in between   function check_now()   and   return . any where By doing this u can remove 'powered by sugar crm' footer logo. 2) Go to  modules/Trackers/Tracker.php, line 128, in the 'logPage' function. Drop the 'echo' statement. 3) Now to root(Sugarfolder)\include\mvc\view\sugarview.php and modify the line array(show header => true, show subpanel => true...........and so on) and make the changes to showfooter=>true to  showfooter=>false Now how you remove the violation  Go to include /utils/ mvc_utils.php and remove the line or code b...
10 comments
Read more

DNN 7 Won't go into edit mode or not working with control bar

Dear All, Today when i install the DNN 7 then i found and issue in edit mode after installation. The problem is when i go to edit mode the page refresh with out enabling the edit mode, after a short research on Google i found the solution. I hppe it save your time 1. backup your web.config 2. Open your web.config in a text editor 3. within the web.config file, find the <system.webserver><modules> section. 4.  If the <modules> section says <modules runAllManagedModulesForAllRequests="false"> change it to <modules runAllManagedModulesForAllRequests="true"> OR  if it just says <modules>, change it to <modules runAllManagedModulesForAllRequests="true"> 5. Save the config file. 6. Retry by refreshing the page and trying again.  You can also test this out by trying to a do a journal post (which also uses the services framework in an authenticated way. If some how its will not work then, you must chang...
11 comments
Read more