several questions on encrypting the web.config file via VB code

Discussion in 'ASP .Net Security' started by Keith G Hicks, Apr 5, 2008.

  1. I'm using asp.net 2.0

    I've managed to convert some C# code I found so that it does encrytp the
    connectionStrings section of my web.config file on my development machine.
    My next step is to try it out on the site I have running on a *shared*
    hosting plane.

    The VB code below will create a MACHINE key, not a USER key. It's like doing
    this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" instead of
    this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" -prov
    "MyUserRSAProtectedConfigurationProvider"

    Imports System.Web.Configuration

    Partial Class _Default

    Inherits System.Web.UI.Page

    'THis code ogiginally from here:
    http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx

    Protected Sub UnProtect_Click(ByVal sender As Object, ByVal e As
    System.EventArgs) Handles Button2.Click
    Call UnProtectSection("connectionStrings")
    End Sub

    Protected Sub Protect_Click(ByVal sender As Object, ByVal e As
    System.EventArgs) Handles Button1.Click
    Call ProtectSection("connectionStrings",
    "RSAProtectedConfigurationProvider")
    End Sub

    Protected Sub ProtectSection(ByVal sectionName As String, ByVal provider
    As String)

    Dim config As Configuration =
    WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
    Dim section As ConfigurationSection = config.GetSection(sectionName)

    If Not section.Equals(System.DBNull.Value) And Not
    section.SectionInformation.IsProtected Then
    section.SectionInformation.ProtectSection(provider)
    config.Save()
    End If

    End Sub

    Protected Sub UnProtectSection(ByVal sectionName As String)

    Dim config As Configuration =
    WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
    Dim section As ConfigurationSection = config.GetSection(sectionName)

    If Not section.Equals(System.DBNull.Value) And
    section.SectionInformation.IsProtected Then
    section.SectionInformation.UnprotectSection()
    config.Save()
    End If

    End Sub

    End Class

    I have a few questions.

    1. How can I modify the above code to do User key and do I need to do
    anything additional to my web.config file to do that (also see question 3
    below)?

    2. Is one preferred over the other (machine or user) for shared hosting
    situations?

    3. This code was suggested (by this site:
    http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToEncryptConfiguratio
    nSectionsUsingRsaInAspNet20?diff=y) as an addition to the web.config in
    order to do the user key but it does NOT work. I cannot figure out how to
    modify it so that it does:

    <configProtectedData>
    <protectedData>
    <providers>
    <add keyContainerName="NetFrameworkConfigurationKey"
    useMachineContainer="false"
    description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
    name="MyUserRSAProtectedConfigurationprovider"

    type="System.Configuration.RsaProtectedConfigurationProvider,System.Configur
    ation, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    />
    </providers>
    </configProtectedData>
    </protectedData>

    4. I do not understand where the value for PublicKeyToken comes from. Coudl
    someone either explain that clearly or point me to somewhere that does? All
    the samples I've found relating to this don't bother to explain that at all.

    Thanks,

    Keith
     
    Keith G Hicks, Apr 5, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. -Steve-

    Encrypting web.config

    -Steve-, Aug 16, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    366
    -Steve-
    Aug 16, 2006
  2. Ollie Riches
    Replies:
    1
    Views:
    1,659
    Gregory A. Beamer
    Dec 4, 2008
  3. Alex. O. Koranteng

    Encrypting web.config file

    Alex. O. Koranteng, Dec 26, 2008, in forum: ASP .Net
    Replies:
    2
    Views:
    816
    Allen Chen [MSFT]
    Jan 2, 2009
  4. VR
    Replies:
    3
    Views:
    297
    Alek Davis
    Sep 9, 2003
  5. Lane
    Replies:
    3
    Views:
    398
    Dominick Baier [DevelopMentor]
    Apr 27, 2006
Loading...

Share This Page