Articles - ORCS Web, Inc. Managed Complex Hosting Solutions

webteam@orcsweb.com

1-888-313-9421

ORCS Web, Managed Complex Hosting - Support

Site Navigation

Home

ORCS Webteam Blogs

Read up on the latest posts by our team.

Client Comments

Thank you very much for your help. I am VERY glad that we switch over to ORCS Web. I have not seen such BEST IN CLASS service for a long time. You save me a lot of time so I don't have to go another round of db transfer. Again, thank you and we look forward to a long partnership going forward.

Tat Au
Class510 Management, www.class510.com

Create, Export & Encrypt Connection String on Server and Dev Machine with ASP.Net 2.0
By Steve Schofield
April 26, 2006

This article covers some basic steps and commands to encrypt your connection string and other items in a configuration file using ASP.NET 2.0. Microsoft has made it easier to have a portable key that encrypts certain sections in a web.config that are normally clear text. I have not found a quick how-to reference to allow for a scenario where the key is both on a local development machine along with being on a remote web server. Developers like to test out their code locally before publishing to production.

In our case, we have shared clients at ORCS Web that want to encrypt their information for added security. ASP.NET 2.0 makes this simple. I am not going to cover this topic and I am assuming you already know this. If not, several good articles explain the architecture, basic commands etc. This article covers the scenario of creating a key on a production server then exporting the keys to an XML file where the developer can import and use on their local machine. The web.config is encrypted on their local dev box as well as on the remote server using the same RSA key.

Links to articles covering encrypting connection strings:

Step 1 – Create the Key - this has to be executed on the remote server:

How to create a key locally on shared server. The example key is named ‘YourCustomKey’ (without quotes) this can be named anything. These are stored in C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. Make sure the 'everyone' group has proper folder permissions to make this work

Step 2 - Add to container:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pc "YourCustomKey" -exp

Step 3 - Added to web.config at the root of the folder for the website. This has to be there prior to encrypting. This would be placed in the configuration file:

             
            <configuration>

              <configProtectedData>

                <providers>

                  <add keyContainerName="YourCustomKey"
            useMachineContainer="true" description="Uses
                RsaCryptoServiceProvider to encrypt and decrypt" name="YourCustomKey"
            type="System.Configuration.RsaProtectedConfigurationProvider,System._

            _Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
            />

                </providers>

              </configProtectedData>

            ..........the rest of your web.config settings.

            </configuration>

Step 4 - Encrypt (can also put quotes around it). Note: the c:\inetpub\wwwroot would be replaced with the absolute file path on your system and the web.config settings you are doing, this example assumes the connectionStrings part:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef connectionStrings c:\inetpub\wwwroot -prov YourCustomKey (web.config is assumed to already be present)

Decrypt- Note: the c:\inetpub\wwwroot would be replaced with the absolute file path on your system and the web.config settings you are doing, this example assumes the connectionStrings part:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pdf connectionStrings c:\inetpub\wwwroot -prov YourCustomKey

Export and give to clients to run on their own machine in an XML file:

-aspnet_regiis -px "YourCustomKey" "C:\temp\CustomKeys.xml" -pri

The -pri switch causes the private and public key to be exported. This enables both encryption and decryption. Without the –pri switch, you would only be able to encrypt data with the exported key.

The Client has to run this on their local machine:

Here's my command line session:

C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0>aspnet_regiis.exe -pz
"YourCustomKey"
Deleting RSA Key container...
Succeeded!

C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0>aspnet_regiis.exe -pi
"YourCustomKey" "c:\temp\CustomKeys.xml" -exp
Importing RSA Keys from file...
Succeeded!

At this point, the web app with the encrypted web.config works locally:

C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0>aspnet_regiis.exe -pdf
connectionStrings "C:\Documents and Settings\Steve Schofield\My Documents\Visual Studio 2005\Web Sites\YourWebsitePath"
Decrypting configuration section...
Succeeded!

At this point, I check web.config and see it is decrypted:

C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0>aspnet_regiis.exe -pef
connectionStrings "C:\Documents and Settings\Steve Schofield\My Documents\Visual Studio 2005\Web Sites\YourWebsitePath" -prov
"YourCustomKey"
Encrypting configuration section...
Succeeded!

Check web.config and its encrypted

Last Test

Upload web.config to remote host and verify this works on both the local machine as well as the remote server.

Steve Schofield is a Senior Internet Support Specialist with ORCS Web, Inc. - a company that provides managed hosting solutions for clients who develop and deploy their applications on Microsoft Windows platforms. Services include shared hosting, dedicated hosting, and webfarm hosting, with specialty in .Net, SQL Server, and architecting highly scalable solutions.