I am developing an installer
that installs
a web app
, part of the install
process requires me to set some custom configuration in the web.config and then right at the end I encrypt this section along with the connection strings section.
Everything looks great and my app completes without error and when I view the web.config
in a text editor the sections I have encrypted
do indeed appear to to be encrypted, however, when I come to load the web app I am confronted with the following error
:
Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: '', hexadecimal value 0x12, is an invalid character. Line 18, position 54.
What I have managed to find out so far is that the above issue does not happen if I only encrypt the connection strings section, it only appears to be something to do with reading my custom section. So my question is: Do I need to implement something in my custom configuration getter to decrypt the section first before reading or is this something that .NET should be doing for me and I need to explore something different?
My code is below. I have just included the bits that I think matter, if you need to see more just let me know and I will update the question.
Thanks in advance.
Web.Config output
<configSections>
<section name="EngageConfiguration" type="BeaconAPI.EngageConfiguration, ConfigExtensions" />
</configSections>
<EngageConfiguration configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>gAGuJwEoWS+0jMrTuyzDQ7pKxeMaAdeXXr53UvkbaXCm5JH/pO522+EWo4faSCRaBUxoBumbgMI69WRvsqrq9eS3Q+MAmLaxtGG21raC5MpF19xfjDfsbxsE6ZDB3mPTxxkXCuGmcLdWtm64PER3F8CrSmJYBAx99BZ07FfddINIeJwXU60sAFfAVGSKa5yxKNGlDcTSkPMlYxy3MrCNPgp+TipsZDK/AGL4HeZoDcNwQbFYHwXWHqJTJMPTV5xsXeXp5IdLLaziWZaecnYi2p6vLqMoU79G/Nuzga/VyQ914rYVUZXFIuDHO1WwhKwzs3sIgPoADnaUj5AwCs3DrQ==</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>yHh7cBKbgz1c7YSkjVVYGDZB3EhRj0QTiQY3AH3YwAISO5yAuNmhiHCPiT6XoGPTd6Bgq9Ltnl++5T8q9JN4xMzJ6OecchxWUG6TMZxmAqiCK2arkPtzO1pMISK5+SlwXr0Z5VsJDGGnTRaVcjFAviHxLIfeoL5m41Q3nRoUPnb/63xVLAdAiDN/d3pT+W08nOhRynNVBR73zVcby7+g8rUplU9ANj8aE2oX7Kja2rxabQiAjwLs3V4fv+eTlwHmVdRmw6QT+VQEkwGySyocfGNJgXlmUJGbWkyazZQtWgXw67hQMe2qGd+OGt5AfM5i020f7rXLP7gowjyR992PPGXL87ihv1X7JLaDstolvNEBP7lTLP4UCDk1u/p/fzscJfNmW0iSmARn1K9in4FKWdZEprO8Pcd2cLzSLg/czq3oRs8DtLRHdf44DdCd+F/NFn4pVL4D/w+HseicrK120yVBzqlkxB0lvJH853KQCd+hYrMOf7kxuHckgUBpVlDuNbsOr4z4X3A6jFoAEajP2QDrRfNc3eBHt43LEIDWDKKl+Gzw4OTm/ksL/P4lmpiUYMqMskxSkw2ZHH2LJ1joAg6lQbI8nffyrlxpRyg5fgCk5yNJ1rlttpAfD+YbIdpDl+wJbn+pcm9NK6POG1n8kZAGvkkak4h1ypWWYU2/QxOIXi5a+ov4uMoTrKxchdqeIRNqDKnV1NxhRMqM0nQMPbSb3TP7WIFF/20QCZPPPmoyaZWljgnWwIE/+jba5ObKA03sPYJTsywLNJLDaSnqXKV4lmcmGIUCTlfPltAEtXKoFQuD0J7j6BD/64vfeWEv3fUTo7JeH2jxch2U/NTmgtQhopJXzAXChRI4HV4E/Qj2Z9xWiOOj6SW/dSUATk3MKtZI7OACQ5XVQD4ZZVm9Gln3hq3HWnGYuWLkI+KohvKMSSzs5qlCt+zAEVeQ/j7n98xYaFFWgjYkx9xo6VokAP+cxqwM3AT3XIAEXI/hpSlxk9JENYk9aET+OMTR4vYjSglrXMeTV2pX2kpw3dp86M8nZgOp1/yY2KoPzOvtpfFEDTxeH2TTTklpxRk0hNXIDGU8i3OUz/jQ8vbsZdrXwTPLGnAq4xlAdqmUuXq0LHK5MGIL+4GRjR5ACPhA3ktHI/QRO+I8gkStW6ZmhhM9oEBb4lFoKlZJVvvgaaGjvRJ348QtlCFb/8EAjj3Q0mnW9QMRKdUwAoh+nhrJe9jhdUXgqp7QiEw6NtaHULJM+SyrrDWjLmTvLJrpAgpNIuPcZtqyLrwRdfmvJQLH/P2HHNwCEnXVXwtotkUBnu8y+of4FIFx7GuzjQo/uEIQq6p1JW2pS1QiodDfPuZJqoCKsU4QUqoaLXpI1SRGGc1+2xrelyQj9X8HS601ZXURk+0EJhz7aRvSktQlSecdeTFr5ZgtR4zrcVvdXFvoCdT5cQv++8hsyN/VajDYvUCwKscarvd4JTahqnR1ODEg3e2m8NdWOdVzy5dbMSGt1i+ecrxQtMqxCOSUCGd+Ryb+Nqiprh4RO+usoxFQH6IkSAPMM3iNDLSw8Qp00mA6+g/ulGHkxyv2JVp/G+K+AAhLzTdMoqF8JYYbn+xcoXec8K/WycyjGZ4IsivePYg0xEoegq5ZZbkcKQOrz+OxnRiZEmyz</CipherValue>
</CipherData>
</EncryptedData>
Code used to encrypt section
private static void WebConfigEncryptSection(Configuration config, string SectionName)
{
if (!config.GetSection(SectionName).SectionInformation.IsProtected)
{
config.GetSection(SectionName).SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
}
}
Code used to try and access values
private static void GetConfigValue(EngageConfiguration engageConfiguration, string Val)
{
return engageConfiguration.SystemConfiguration[Val].Value;
}
Instead of encrypting sections of web.config, I would create an xml configuration file with encrypted values that you can deserialize/serialize from/to a class. I like keeping web.config and app.config as simplier as possible.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.