
Encrypting App.config / Web.config file

I am abusing the Web.config file as the config file of some Windows service exe files, because the service mostly needs the same settings as the IIS:

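// Resolve relative paths against the service's install directory
// (a Windows service does not start in its own folder).
Directory.SetCurrentDirectory(AppDomain.CurrentDomain.BaseDirectory);

// Use the web application's Web.config, one level up, if it exists.
if (File.Exists("..\\Web.config"))
{
    var path = Path.GetFullPath("..\\Web.config");
    logger.Info("Web.config gefunden in {0}", path);
    // AppConfig.Change is the poster's own helper (not shown) that switches the active config file.
    AppConfig.Change(path);
}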

Someone else has tried to encrypt parts of the Web.config file:

aspnet_regiis -pe connectionStrings -app /ourapp

Renaming an original App.config to Web.config and back seems to be Microsoft's recommended way of encrypting an App.config file:

https://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file

However, the Windows services won't start:

Anwendung: MyService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException

bei System.Configuration.RsaProtectedConfigurationProvider.ThrowBetterException(Boolean)  
bei System.Configuration.RsaProtectedConfigurationProvider.GetCryptoServiceProvider(Boolean, Boolean)  
bei System.Configuration.RsaProtectedConfigurationProvider.Decrypt(System.Xml.XmlNode)  
bei System.Configuration.ProtectedConfigurationSection.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider)  
bei System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.Internal.DelegatingConfigHost.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.BaseConfigurationRecord.CallHostDecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.RuntimeConfigurationRecord.CallHostDecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.BaseConfigurationRecord.DecryptConfigSection(System.Configuration.ConfigXmlReader, System.Configuration.ProtectedConfigurationProvider)  

Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException

bei System.Configuration.BaseConfigurationRecord.EvaluateOne(System.String[], System.Configuration.SectionInput, Boolean, System.Configuration.FactoryRecord, System.Configuration.SectionRecord, System.Object)  
bei System.Configuration.BaseConfigurationRecord.Evaluate(System.Configuration.FactoryRecord, System.Configuration.SectionRecord, System.Object, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)  
bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)  
bei System.Configuration.ConfigurationManager.GetSection(System.String)  
bei System.Configuration.ConfigurationManager.get_ConnectionStrings()  
bei MyService.Program.Main(System.String[])  

Why is this and how can I fix it?

You need to grant the account under which your service runs permission to access the RSA container with which your section has been encrypted. By default (with the aspnet_regiis command you used in your question), that container is named "NetFrameworkConfigurationKey", so you need to do this:

aspnet_regiis -pa "NetFrameworkConfigurationKey" "YourServiceAccountHere"
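
A small console check to run under the service account before and after the grant; it is an added example, not part of the original question or answer. It assumes the default machine-level container named in the answer, a project reference to System.Configuration, and that the encrypted connectionStrings section is in the config file this executable loads; the class name ConfigKeyCheck is hypothetical.

```csharp
// Added example: verifies that the current account can open the RSA key
// container and decrypt <connectionStrings>. Never prints the secrets.
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Security.Principal;

static class ConfigKeyCheck
{
    // Container name taken from the answer (the aspnet_regiis default).
    const string Container = "NetFrameworkConfigurationKey";

    // Tries to open the existing machine-level container as the current identity.
    static bool CanOpenContainer(string name, out string detail)
    {
        var csp = new CspParameters
        {
            KeyContainerName = name,
            // UseExistingKey: fail instead of silently creating a new container.
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        try
        {
            using (var rsa = new RSACryptoServiceProvider(csp))
            {
                // The unique name is the key file name, useful when reviewing its ACL.
                detail = "opened, key file: " + rsa.CspKeyContainerInfo.UniqueKeyContainerName;
                return true;
            }
        }
        catch (CryptographicException ex)
        {
            detail = ex.Message; // missing container or no read permission
            return false;
        }
    }

    static int Main()
    {
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        string detail;
        bool ok = CanOpenContainer(Container, out detail);
        Console.WriteLine("Container '{0}': {1}", Container, detail);
        try
        {
            // Reading the section forces decryption, the step that fails in the stack trace.
            int count = ConfigurationManager.ConnectionStrings.Count;
            Console.WriteLine("connectionStrings decrypted, {0} entries", count);
        }
        catch (ConfigurationErrorsException ex) { Console.WriteLine("Decryption failed: " + ex.Message); ok = false; }
        return ok ? 0 : 1;
    }
}
```

Grant read access only to the specific service account rather than a broad group, since any account that can read the container can decrypt the section.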
