Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Error encrypting identity element in web.config

Reply
Thread Tools

Error encrypting identity element in web.config

 
 
Rob Roberts
Guest
Posts: n/a
 
      05-09-2006
Using information that I got from this MSDN article:
http://msdn.microsoft.com/library/de...aght000023.asp, I
added an identity impersonate element to my web.config file that looks like
this:

<identity impersonate="true" username="MyDomain\TestUser"
password="TestPassword" />

This works fine for allowing a SqlMembershipProvider to access to a remote
SQL server, which is why I did this in the first place. But I'm running
into problems when I try to encrypt the identity element. I've used this
command, as specified in the above article:

aspnet_regiis -pef "system.web/identity" "C:\Sites\IntranetSite"

The command prompt says ""Encrypting configuration section...", and then
"Succeeded!" When I look at web.config in VS2005, the element has been
encrypted, but the IDE shows a few warnings in the "Error List" section.
The are:

Warning 1 The 'configProtectionProvider' attribute is not declared.
c:\inetpub\wwwroot\web.config 16 17 http://localhost/

Warning 2 The element cannot contain white space. Content model is empty.
c:\inetpub\wwwroot\web.config 16 78 http://localhost/

Warning 3 The element 'identity' cannot contain child element
'http://www.w3.org/2001/04/xmlenc#:EncryptedData' because the parent
element's content model is empty. c:\inetpub\wwwroot\web.config 17 10
http://localhost/

When I try to access a page in the site, I get a Configuration Error with
this error message:

"Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error
message from the provider: The RSA key container could not be opened."

Does anyone know what the problem is here? (By the way, this is on my
Windows XP development machine, not a real web server. I'm using .NET 2.0.)

Thanks in advance,
--Rob Roberts



 
Reply With Quote
 
 
 
 
Rob Roberts
Guest
Posts: n/a
 
      05-11-2006
I got this to work by using DPAPI encryption instead of RSA. The command to
use to do the encryption using DPAPI is this:

aspnet_regiis -pef "system.web/identity" "C:\Sites\IntranetSite" -prov
"DataProtectionConfigurationProvider"

See this article for more information:
http://msdn.microsoft.com/library/de...aght000005.asp.

An alternative that also should work is to continue to use RSA but to then
grant access to the key container to the user account that ASP.NET is
running under. The command for that should be something like this (although
this is untested):

aspnet_regiis -pa "NetFrameworkConfigurationKey" "TheFullAccountName"

--Rob Roberts

"Rob Roberts" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Using information that I got from this MSDN article:
> http://msdn.microsoft.com/library/de...aght000023.asp, I
> added an identity impersonate element to my web.config file that looks
> like this:
>
> <identity impersonate="true" username="MyDomain\TestUser"
> password="TestPassword" />
>
> This works fine for allowing a SqlMembershipProvider to access to a remote
> SQL server, which is why I did this in the first place. But I'm running
> into problems when I try to encrypt the identity element. I've used this
> command, as specified in the above article:
>
> aspnet_regiis -pef "system.web/identity" "C:\Sites\IntranetSite"
>
> The command prompt says ""Encrypting configuration section...", and then
> "Succeeded!" When I look at web.config in VS2005, the element has been
> encrypted, but the IDE shows a few warnings in the "Error List" section.
> The are:
>
> Warning 1 The 'configProtectionProvider' attribute is not declared.
> c:\inetpub\wwwroot\web.config 16 17 http://localhost/
>
> Warning 2 The element cannot contain white space. Content model is empty.
> c:\inetpub\wwwroot\web.config 16 78 http://localhost/
>
> Warning 3 The element 'identity' cannot contain child element
> 'http://www.w3.org/2001/04/xmlenc#:EncryptedData' because the parent
> element's content model is empty. c:\inetpub\wwwroot\web.config 17 10
> http://localhost/
>
> When I try to access a page in the site, I get a Configuration Error with
> this error message:
>
> "Failed to decrypt using provider 'RsaProtectedConfigurationProvider'.
> Error message from the provider: The RSA key container could not be
> opened."
>
> Does anyone know what the problem is here? (By the way, this is on my
> Windows XP development machine, not a real web server. I'm using .NET
> 2.0.)
>
> Thanks in advance,
> --Rob Roberts
>
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASP.NET 2.0 Impersonation of fixed identity - truncation of identity JimLad ASP .Net 0 01-16-2009 10:42 AM
Error with Encrypting identity section of web.config Lane ASP .Net Security 3 04-27-2006 06:19 PM
HttpContext.Current.User.Identity.Name AND Context.User.Identity.Name; nalbayo ASP .Net 2 11-11-2005 11:12 PM
Issue with Identity Impersonation and user identity used passed for trusted SQL connection. Frederick D'hont ASP .Net Security 0 07-25-2005 02:41 PM
Difference between HttpContext.Current.User.Identity and identity Impersonation Giovanni Bassi ASP .Net 0 10-20-2003 02:25 PM



Advertisments