D
Diane Droubay
I have encrypted the identity section of my web.config file, using the RSA
provider. The built-in encrypt/decrypt works just fine. The problem is, when
I move the app to another machine.
My web.config provider entry looks like this.
<configProtectedData>
<providers>
<add name="MyProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
keyContainerName="MyKey" useMachineContainer="false"/>
</providers>
</configProtectedData>
I moved the app, exported the key using the Certificate snap-in in mmc, then
imported it into the other machine and used aspnet_regiis to grant
permissions to the ASPNET user. When I try to run my app on this box, I get
the following error:
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: Failed to decrypt using provider
'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA
key container could not be opened.
Source Error:
Line 68: <authentication mode="Windows"/>
Line 69: <identity
configProtectionProvider="RsaProtectedConfigurationProvider">
Line 70: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
Line 71: xmlns="http://www.w3.org/2001/04/xmlenc#">
Line 72: <EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
If I delete the encrypted section in the web.config file on the new box,
then re-encrypt from there, it works fine again, but is not portable to my
other machine. This makes me think that the export/import is not working
correctly.
Any ideas?
Thanks.
provider. The built-in encrypt/decrypt works just fine. The problem is, when
I move the app to another machine.
My web.config provider entry looks like this.
<configProtectedData>
<providers>
<add name="MyProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
keyContainerName="MyKey" useMachineContainer="false"/>
</providers>
</configProtectedData>
I moved the app, exported the key using the Certificate snap-in in mmc, then
imported it into the other machine and used aspnet_regiis to grant
permissions to the ASPNET user. When I try to run my app on this box, I get
the following error:
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: Failed to decrypt using provider
'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA
key container could not be opened.
Source Error:
Line 68: <authentication mode="Windows"/>
Line 69: <identity
configProtectionProvider="RsaProtectedConfigurationProvider">
Line 70: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
Line 71: xmlns="http://www.w3.org/2001/04/xmlenc#">
Line 72: <EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
If I delete the encrypted section in the web.config file on the new box,
then re-encrypt from there, it works fine again, but is not portable to my
other machine. This makes me think that the export/import is not working
correctly.
Any ideas?
Thanks.