
Encrypt Web.config in DNN or ASP.NET web application


Granting Read Access to an RSA Encryption Key

Step 1:
Go to the appropriate framework directory for the ASP.NET files:
cd C:\Windows\Microsoft.NET\Framework64\v4.0.30319


Step 2:
From here we can grant read access to an RSA encryption key by running this command:
.\aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "IIS APPPOOL\MySite"


How to Identify the App Pool

"IIS APPPOOL\MySite" is the identity that my App Pool runs under. If you don't know what yours is, create an .aspx file in your website with the following content:
<%@ Page Language="C#" %> 
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>


Encrypting Sections of the Web.config File

At this point, we are ready to run the command that will actually encrypt the web.config. 
MAKE SURE THAT YOU HAVE A BACKUP OF ALL THE DATA STORED IN THE SECTION YOU ARE ABOUT TO ENCRYPT.
.\aspnet_regiis.exe -pe "connectionStrings" -app "/MySite"


If all went well, you should see
Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine. 

Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
Succeeded! 


but...
It Didn't Work!!!

If you set up your system like me, you may have encountered output containing a stupid error message like this one:
Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
A configuration file cannot be created for the requested Configuration object.
Failed!



b471code3 from the ASP.NET forums hit the nail on the head with the answer:

"I'm assuming you already checked this out but what I'd pay special attention to is the -site option.

If the app's web.config you are trying to encrypt is not under the DefaultWebSite or you have deleted and recreated the DefaultWebSite, the -site option will need to be specified. 

For example, when IIS is installed, a Web site named "Default Web Site" is created as site 1. In pages served from that site, the INSTANCE_META_PATH server variable returns "/LM/W3SVC/1". If you do not specify a -site option, site 1 is used."



But how do we get the site's INSTANCE_META_PATH? (Important)

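Scott Forsyth tells you how to get the INSTANCE_META_PATH on his blog. Just make another .aspx file in your site with the following content:
<%@ Page Language="C#" %>
<%
// Server variables include client-supplied HTTP_* headers, so encode before writing.
foreach (string name in Request.ServerVariables)
{
    // Read from ServerVariables directly so a query-string or form value of the same name cannot shadow it.
    Response.Write(Server.HtmlEncode(name + " " + Request.ServerVariables[name]) + "<br>");
}
%>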



That will dump all the server variables to the page, in which you will find something like this:
INSTANCE_META_PATH /LM/W3SVC/3



The number on the end is the site ID (It also looks like the INSTANCE_ID variable has just the site ID, but I'm not 100% sure if that is reliable). Take that and incorporate it into the encryption command. This is what the correct command looks like:
.\aspnet_regiis.exe -pe "connectionStrings" -app "/" -site "3"



Note that I replaced the application name with just a forward slash. If you do run an application inside your IIS site, you will need to include that. Personally, I don't normally do that, mainly to avoid issues with configuration inheritance.

And then you will have a super secret web.config section!
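
The steps above as one script, added here as an example and not part of the original post: it reads the site ID and app pool from IIS configuration through the WebAdministration module instead of a served .aspx page, then checks the result on disk. The site name MySite is the post's sample value, C:\ConfigBackups is an assumed backup folder, and the application is assumed to live at the site root.

```powershell
# Added example, not from the original post. Run elevated on the IIS host.
# 'MySite' is the post's sample name; C:\ConfigBackups is an assumed folder.
Import-Module WebAdministration

$siteName  = 'MySite'
$section   = 'connectionStrings'
$backupDir = 'C:\ConfigBackups'   # assumption: outside any web root
$regiis    = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'

# Read the site ID, app pool and path from IIS configuration instead of
# serving a page that prints server variables.
$site = Get-Website | Where-Object { $_.Name -eq $siteName }
if (-not $site) { throw "No IIS site named '$siteName'." }
$root      = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
$webConfig = Join-Path $root 'web.config'

# With the default ApplicationPoolIdentity the account is IIS APPPOOL\<pool>.
# Any other identity type needs its own account name passed to -pa.
$pool = Get-Item "IIS:\AppPools\$($site.applicationPool)"
$type = $pool.processModel.identityType
if ($type -ne 'ApplicationPoolIdentity') {
    throw "Pool '$($pool.Name)' runs as $type; grant the key to that account."
}
$account = "IIS APPPOOL\$($pool.Name)"

# Keep a copy of the plaintext section before it is rewritten.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$backup = Join-Path $backupDir "web.config.$siteName.$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $webConfig -Destination $backup

# Same two commands as in the post, with -site taken from IIS.
& $regiis -pa 'NetFrameworkConfigurationKey' $account
& $regiis -pe $section -app '/' -site "$($site.id)"

# Confirm on disk: an encrypted section carries configProtectionProvider
# and an EncryptedData child in place of the plaintext entries.
[xml]$xml = Get-Content -Path $webConfig -Raw
$node = $xml.configuration.$section
if (-not $node.configProtectionProvider -or -not $node.EncryptedData) {
    throw "<$section> in $webConfig is still plaintext; see the tool output above."
}
"Site $($site.id): <$section> protected by $($node.configProtectionProvider)"
"Plaintext backup: $backup (restrict its ACL or delete it once verified)"
```

If you did create the diagnostic .aspx pages while troubleshooting, delete them afterwards: the server-variable dump shows host paths and site details to anyone who requests the page.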
