Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   several questions on encrypting the web.config file via VB code (http://www.velocityreviews.com/forums/t769816-several-questions-on-encrypting-the-web-config-file-via-vb-code.html)

Keith G Hicks 04-05-2008 03:57 PM
several questions on encrypting the web.config file via VB code
 
I'm using asp.net 2.0

I've managed to convert some C# code I found so that it does encrytp the
connectionStrings section of my web.config file on my development machine.
My next step is to try it out on the site I have running on a *shared*
hosting plane.

The VB code below will create a MACHINE key, not a USER key. It's like doing
this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" instead of
this: aspnet_regiis -pe "connectionStrings" -app "/MyWebsite" -prov
"MyUserRSAProtectedConfigurationProvider"

Imports System.Web.Configuration

Partial Class _Default

Inherits System.Web.UI.Page

'THis code ogiginally from here:
http://davidhayden.com/blog/dave/arc...1/17/2572.aspx

Protected Sub UnProtect_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button2.Click
Call UnProtectSection("connectionStrings")
End Sub

Protected Sub Protect_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button1.Click
Call ProtectSection("connectionStrings",
"RSAProtectedConfigurationProvider")
End Sub

Protected Sub ProtectSection(ByVal sectionName As String, ByVal provider
As String)

Dim config As Configuration =
WebConfigurationManager.OpenWebConfiguration(Reque st.ApplicationPath)
Dim section As ConfigurationSection = config.GetSection(sectionName)

If Not section.Equals(System.DBNull.Value) And Not
section.SectionInformation.IsProtected Then
section.SectionInformation.ProtectSection(provider )
config.Save()
End If

End Sub

Protected Sub UnProtectSection(ByVal sectionName As String)

Dim config As Configuration =
WebConfigurationManager.OpenWebConfiguration(Reque st.ApplicationPath)
Dim section As ConfigurationSection = config.GetSection(sectionName)

If Not section.Equals(System.DBNull.Value) And
section.SectionInformation.IsProtected Then
section.SectionInformation.UnprotectSection()
config.Save()
End If

End Sub

End Class

I have a few questions.

1. How can I modify the above code to do User key and do I need to do
anything additional to my web.config file to do that (also see question 3
below)?

2. Is one preferred over the other (machine or user) for shared hosting
situations?

3. This code was suggested (by this site:
http://channel9.msdn.com/wiki/defaul...ptConfiguratio
nSectionsUsingRsaInAspNet20?diff=y) as an addition to the web.config in
order to do the user key but it does NOT work. I cannot figure out how to
modify it so that it does:

<configProtectedData>
<protectedData>
<providers>
<add keyContainerName="NetFrameworkConfigurationKey"
useMachineContainer="false"
description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="MyUserRSAProtectedConfigurationprovider"

type="System.Configuration.RsaProtectedConfigurati onProvider,System.Configur
ation, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
/>
</providers>
</configProtectedData>
</protectedData>

4. I do not understand where the value for PublicKeyToken comes from. Coudl
someone either explain that clearly or point me to somewhere that does? All
the samples I've found relating to this don't bother to explain that at all.

Thanks,

Keith


All times are GMT. The time now is 07:42 AM.

Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57