Skip to main content

Encrypt Web.config in DNN or ASP.net web application


Granting Read Access to an RSA Encryption Key

Step 1:
Go to the appropriate framework directory for the ASP.NET files:cd C:\Windows\Microsoft.NET\Framework64\v4.0.30319


Step 2:
From here we can grant read access to an RSA encryption key by running this command:.\aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "IIS APPPOOL\MySite"


How to Identify the APP  Pool

"IIS APPPOOL\MySite" is the identity that my App Pool runs under. If you don't know what yours is, create an .aspx file in your website with the following content:
<%@ Page Language="C#" %> 
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>


Encrypting Sections of the Web.config File

At this point, we are ready to run the command that will actually encrypt the web.config. 
MAKE SURE THAT YOU HAVE A BACKUP OF ALL THE DATA STORED IN THE SECTION YOU ARE ABOUT THE ENCRYPT.
.\aspnet_regiis.exe -pe "connectionStrings" -app "/MySite"


If all went well, you should see
Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine. 

Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
Succeeded! 


but...
It Didn't Work!!!

If you setup your system like me, 
you may have encountered output containing a stupid error message like this one:Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
A configuration file cannot be created for the requested Configuration object.
Failed!



b471code3 from the ASP.NET forums hit the nail on the head with the answer:"I'm assuming you already checked this out but what I'd pay special attention to is the -site option. 

If the app's web.config you are trying to encrypt is not under the DefaultWebSite or you have deleted and recreated the DefaultWebSite, the -site option will need to be specified. 

For example, when IIS is installed, a Web site named "Default Web Site" is created as site 1. In pages served from that site, the INSTANCE_META_PATH server variable returns "/LM/W3SVC/1". If you do not specify a -site option, site 1 is used."



But how do we get the site's INSTANCE_META_PATH? (Important)

Scott Forsynth tells you how to get the INSTANCE_META_PATH on his blog. Just make another .aspx file in your site with the following content:<%@ Page Language="C#" %>
<%
foreach (string var in Request.ServerVariables)
{
Response.Write(var + " " + Request[var] + "<br>");
}
%>



That will dump all the server variables to the page, in which you will find something like this:INSTANCE_META_PATH /LM/W3SVC/3



The number on the end is the site ID (It also looks like the INSTANCE_ID variable has just the site ID, but I'm not 100% sure if that is reliable). Take that and incorporate it into the encryption command. This is what the correct command looks like:
.\aspnet_regiis.exe -pe "connectionStrings" -app "/" -site "3"



Note that I replace the application name with just a forward slash. If you do run an application inside your IIS site, you will need to include that. Personally, I don't normally do that, mainly to avoid issues withconfiguration inheritance.

And then you will have a super secret web.config section!

Comments

Popular posts from this blog

How to convert and crack windows server 2012 from Evaluation to Full

Dear All

This is a way how you Convert Evalution to Full

Step1:

Open CMD and run following command
DISM /online /Get-CurrentEdition


<edition ID> is like ServerStandard with out Eval

Step 2:
DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula



WINDOWS SERVER 2012
Serial Key

Windows Server 2012
DataCenter: 48HP8-DN98B-MYWDG-T2DCC-8W83P
Datacenter: Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW

Standard: XC9B7-NBPP2-83J2H-RHMBY-92BT4
Standard R2: DBGBW-NPF86-BJVTX-K3WKJ-MTB6V

Server Essentials:K2XGM-NMBT3-2R6Q8-WF2FK-P36R2


For Standard R2 here is a command
For R2 its like that
DISM /online /Set-Edition:ServerStandard /ProductKey:DBGBW-NPF86-BJVTX-K3WKJ-MTB6V /AcceptEula

Regards

Calling LoadLibraryEx on ISAPI filter “C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll” failed

Dear Readers
if you get the error

Calling LoadLibraryEx on ISAPI filter “C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll” failed


Here is the solution 
Get a command prompt in administrator mode and go to C:\Windows\Microsoft .NET\FrameWork64\v4.xxx
and run aspnet_regiis -r. This will re-register the right libraries. It has happened twice already to me.
For other frameworks (32 bit or other versions of .net make sure you go to the correct folder (i.e. Framework/v2.xxx, etc.)

xxxx is the the number which is present with the folder name so i suggest you guys to check the folder name in your directory

If "run aspnet_regiis -r" is not working and if you get the error run is not recognized command then just type " aspnet_regiis -r" it will run fine

Reason of problem
Your asp.net frame work has been change may be you have install the lower version on the higher version or may be because of any reason you have register another version in your IIS, in my cas…

RegisterStartupScript updated way to right Java script JS (Javascript) in code behind also work with update panel

Dear All
RegisterStartupScript is obsolete now the new way that works with update panel  is given below its is code behind file code also

VB Code Dim csname1 As String = "PopupScript"
Dim cstype As Type = Me.GetType()
Dim cs As ClientScriptManager = Page.ClientScript
Dim cstext1 As String = "alert('Your message');"
cs.RegisterStartupScript(cstype, csname1, cstext1, True)

C# Code
String csname1 = "PopupScript";
Type cstype = this.GetType();
ClientScriptManager cs = Page.ClientScript;
String cstext1 = "alert('Hello World');"; cs.RegisterStartupScript(cstype, csname1, cstext1, true);
I hope it will help you also 
Regards  Rashid Imran Bilgrami