Hi all
I am using the aspnet_regiis set of commands to create a provider and encrypt/decrypt the connection string in a web.config file. The problem that I am having is that I generate the key on one machine and encrypt the config file. I then export the key and import it onto my server, and assign the relevant permissions. I now want to remove the key so that nobody can look at the web.config file and be able to simply run the decryption command to see the connection string.
Here are the commands that I use:
1. Generate machine-level RSA key
Code:
aspnet_regiis -pc "CustomKeys" -exp
2. Encrypt the connection string
Code:
aspnet_regiis -pe "connectionStrings" -app "/project name" -prov "CustomProvider"
3. Export the key
Code:
aspnet_regiis -px "CustomKeys" "C:\temp\CustomKeys.xml" -pri
4. Import the key into the server
Code:
aspnet_regiis -pi "CustomKeys" "C:\temp\CustomKeys.xml"
5. Grant access to the custom key store
Code:
aspnet_regiis -pa "CustomKeys" "NT Authority\Network Service"
aspnet_regiis -pa "CustomKeys" "ASPNET"
6. Delete RSA key container
Code:
aspnet_regiis -pz "CustomKeys"
If I run the command to delete the rsa key container, the system is unable to unencrypt the connection string. What step am I missing? If I have completed all the steps correctly, how can this be secure from a user that manages to get on the server?
To provide further information, I have added the following to the standard web.config file:
Code:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <configProtectedData>
    <providers>
      <clear/>
      <add keyContainerName="CustomKeys"
           useMachineContainer="true"
           description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
           name="CustomProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
    </providers>
  </configProtectedData>
  <connectionStrings>
    <add name="myConn" connectionString="your connection string"/>
  </connectionStrings>
</configuration>
Mike55.
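
Step 5 above (`-pa`) works by editing the ACL on the file that holds the machine-level key container, so that ACL is what decides which accounts on the server can use the key. The following script is an added example, not part of the original post and not Microsoft tooling; it opens the `CustomKeys` container named in the post and lists who has access to it. The list of "broad" groups in it is an assumption to adjust.

```powershell
# Added example, not from the original post. Run elevated in Windows PowerShell.
param([string]$ContainerName = 'CustomKeys')   # container name taken from the post

# Groups treated as "broad" here are an assumption; adjust to local policy.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $ContainerName
# Open the machine store and fail instead of silently creating a new key pair.
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore -bor
             [System.Security.Cryptography.CspProviderFlags]::UseExistingKey

try {
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
} catch {
    Write-Warning "Cannot open machine container '$ContainerName': $($_.Exception.Message)"
    return
}

try {
    $info    = $rsa.CspKeyContainerInfo
    $root    = [Environment]::GetFolderPath('CommonApplicationData')
    # Machine-level RSA containers are stored as one file each under this folder.
    $keyFile = Join-Path $root ("Microsoft\Crypto\RSA\MachineKeys\" + $info.UniqueKeyContainerName)

    "Container : $ContainerName"
    "Key file  : $keyFile"
    "Exportable: $($info.Exportable)"

    # One row per ACE; Broad marks grants to wide groups that deserve review.
    (Get-Acl -Path $keyFile).Access | ForEach-Object {
        New-Object PSObject -Property @{
            Identity = $_.IdentityReference.Value
            Rights   = $_.FileSystemRights
            Type     = $_.AccessControlType
            Broad    = ($broad -contains $_.IdentityReference.Value)
        }
    } | Format-Table Identity, Rights, Type, Broad -AutoSize
} finally {
    $rsa.PersistKeyInCsp = $true   # releasing the handle must never delete the key
    $rsa.Clear()
}
```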