Error encrypting identity element in web.config

Discussion in 'ASP .Net Security' started by Rob Roberts, May 9, 2006.

  1. Rob Roberts

    Rob Roberts Guest

    Using information that I got from this MSDN article:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000023.asp, I
    added an identity impersonate element to my web.config file that looks like
    this:

    <identity impersonate="true" userName="MyDomain\TestUser"
    password="TestPassword" />

    This works fine for allowing a SqlMembershipProvider to access a remote
    SQL server, which is why I did this in the first place. But I'm running
    into problems when I try to encrypt the identity element. I've used this
    command, as specified in the above article:

    aspnet_regiis -pef "system.web/identity" "C:\Sites\IntranetSite"

    The command prompt says "Encrypting configuration section...", and then
    "Succeeded!" When I look at web.config in VS2005, the element has been
    encrypted, but the IDE shows a few warnings in the "Error List" section.
    They are:

    Warning 1 The 'configProtectionProvider' attribute is not declared.
    c:\inetpub\wwwroot\web.config 16 17 http://localhost/

    Warning 2 The element cannot contain white space. Content model is empty.
    c:\inetpub\wwwroot\web.config 16 78 http://localhost/

    Warning 3 The element 'identity' cannot contain child element
    'http://www.w3.org/2001/04/xmlenc#:EncryptedData' because the parent
    element's content model is empty. c:\inetpub\wwwroot\web.config 17 10
    http://localhost/

    When I try to access a page in the site, I get a Configuration Error with
    this error message:

    "Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error
    message from the provider: The RSA key container could not be opened."

    Does anyone know what the problem is here? (By the way, this is on my
    Windows XP development machine, not a real web server. I'm using .NET 2.0.)

    Thanks in advance,
    --Rob Roberts
    Rob Roberts, May 9, 2006
    #1

  2. Rob Roberts

    Rob Roberts Guest

    I got this to work by using DPAPI encryption instead of RSA. The command to
    use to do the encryption using DPAPI is this:

    aspnet_regiis -pef "system.web/identity" "C:\Sites\IntranetSite" -prov "DataProtectionConfigurationProvider"

    See this article for more information:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000005.asp.

    An alternative that also should work is to continue to use RSA but to then
    grant access to the key container to the user account that ASP.NET is
    running under. The command for that should be something like this (although
    this is untested):

    aspnet_regiis -pa "NetFrameworkConfigurationKey" "TheFullAccountName"

    --Rob Roberts

    Rob Roberts, May 11, 2006
    #2
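
An added example, not part of either post: a small Python audit that walks a web.config and reports password attributes still in clear text and sections that are already protected, keyed on the `configProtectionProvider` attribute and the `EncryptedData` child named in the warnings above. The function name, the provider notes and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace-qualified tag of the child element named in Warning 3 of the post.
ENCRYPTED_DATA = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData"
# Provider names taken from the thread; the notes are reminders for the operator.
PROVIDER_NOTES = {
    "RsaProtectedConfigurationProvider": "worker account needs read access to the RSA key container",
    "DataProtectionConfigurationProvider": "DPAPI: section cannot be decrypted on another machine",
}

def audit_config(xml_text):
    """Return (section_path, status, detail) for protected or password-bearing elements."""
    findings = []

    def walk(elem, path):
        provider = elem.get("configProtectionProvider")
        if provider is not None:
            # A protected section must carry an EncryptedData child; its body is opaque.
            ok = any(child.tag == ENCRYPTED_DATA for child in elem)
            note = PROVIDER_NOTES.get(provider, "unrecognised provider")
            findings.append((path, "encrypted" if ok else "malformed", f"{provider}: {note}"))
            return
        if any(name.lower() == "password" for name in elem.attrib):
            findings.append((path, "plaintext", "password attribute stored in clear text"))
        for child in elem:
            walk(child, f"{path}/{child.tag}")

    for section in ET.fromstring(xml_text):
        walk(section, section.tag)
    return findings

# Constructed sample: the identity element from the post, before encryption.
BEFORE = r"""<configuration><system.web>
  <identity impersonate="true" userName="MyDomain\TestUser" password="TestPassword" />
</system.web></configuration>"""

# Constructed sample: the shape left by aspnet_regiis -pef (cipher text is a placeholder).
AFTER = """<configuration><system.web>
  <identity configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </identity>
</system.web></configuration>"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for finding in audit_config(text):
            print(label, *finding, sep=" | ")
```

The reported path (`system.web/identity`) is the same section path that `aspnet_regiis -pef` takes, so a "plaintext" finding can be passed straight to that command.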
