Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Export / Import key problem

Reply
Thread Tools

Export / Import key problem

 
 
Diane Droubay
Guest
Posts: n/a
 
      08-17-2007
I have encrypted the identity section of my web.config file, using the RSA
provider. The built-in encrypt/decrypt works just fine. The problem is, when
I move the app to another machine.

My web.config provider entry looks like this.

<configProtectedData>
<providers>
<add name="MyProvider"
type="System.Configuration.RsaProtectedConfigurati onProvider,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
keyContainerName="MyKey" useMachineContainer="false"/>
</providers>
</configProtectedData>

I moved the app, exported the key using the Certificate snap-in in mmc, then
imported it into the other machine and used aspnet_regiis to grant
permissions to the ASPNET user. When I try to run my app on this box, I get
the following error:

Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.

Parser Error Message: Failed to decrypt using provider
'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA
key container could not be opened.

Source Error:


Line 68: <authentication mode="Windows"/>
Line 69: <identity
configProtectionProvider="RsaProtectedConfiguratio nProvider">
Line 70: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
Line 71: xmlns="http://www.w3.org/2001/04/xmlenc#">
Line 72: <EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />


If I delete the encrypted section in the web.config file on the new box,
then re-encrypt from there, it works fine again, but is not portable to my
other machine. This makes me think that the export/import is not working
correctly.

Any ideas?

Thanks.



 
Reply With Quote
 
 
 
 
Dominick Baier
Guest
Posts: n/a
 
      08-26-2007
use aspnet_regiis for the im/export...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> I have encrypted the identity section of my web.config file, using the
> RSA provider. The built-in encrypt/decrypt works just fine. The
> problem is, when I move the app to another machine.
>
> My web.config provider entry looks like this.
>
> <configProtectedData>
> <providers>
> <add name="MyProvider"
> type="System.Configuration.RsaProtectedConfigurati onProvider,
> System.Configuration, Version=2.0.0.0, Culture=neutral,
> PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
> keyContainerName="MyKey" useMachineContainer="false"/>
> </providers>
> </configProtectedData>
> I moved the app, exported the key using the Certificate snap-in in
> mmc, then imported it into the other machine and used aspnet_regiis to
> grant permissions to the ASPNET user. When I try to run my app on this
> box, I get the following error:
>
> Configuration Error Description: An error occurred during the
> processing of a configuration file required to service this request.
> Please review the specific error details below and modify your
> configuration file appropriately.
>
> Parser Error Message: Failed to decrypt using provider
> 'RsaProtectedConfigurationProvider'. Error message from the provider:
> The RSA key container could not be opened.
>
> Source Error:
>
> Line 68: <authentication mode="Windows"/>
> Line 69: <identity
> configProtectionProvider="RsaProtectedConfiguratio nProvider">
> Line 70: <EncryptedData
> Type="http://www.w3.org/2001/04/xmlenc#Element"
> Line 71: xmlns="http://www.w3.org/2001/04/xmlenc#">
> Line 72: <EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
> If I delete the encrypted section in the web.config file on the new
> box, then re-encrypt from there, it works fine again, but is not
> portable to my other machine. This makes me think that the
> export/import is not working correctly.
>
> Any ideas?
>
> Thanks.
>



 
Reply With Quote
 
 
 
 
Diane Droubay
Guest
Posts: n/a
 
      08-27-2007
Thanks. I'll give that a try.

Diane

"Dominick Baier" wrote:

> use aspnet_regiis for the im/export...
>
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
>
> > I have encrypted the identity section of my web.config file, using the
> > RSA provider. The built-in encrypt/decrypt works just fine. The
> > problem is, when I move the app to another machine.
> >
> > My web.config provider entry looks like this.
> >
> > <configProtectedData>
> > <providers>
> > <add name="MyProvider"
> > type="System.Configuration.RsaProtectedConfigurati onProvider,
> > System.Configuration, Version=2.0.0.0, Culture=neutral,
> > PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
> > keyContainerName="MyKey" useMachineContainer="false"/>
> > </providers>
> > </configProtectedData>
> > I moved the app, exported the key using the Certificate snap-in in
> > mmc, then imported it into the other machine and used aspnet_regiis to
> > grant permissions to the ASPNET user. When I try to run my app on this
> > box, I get the following error:
> >
> > Configuration Error Description: An error occurred during the
> > processing of a configuration file required to service this request.
> > Please review the specific error details below and modify your
> > configuration file appropriately.
> >
> > Parser Error Message: Failed to decrypt using provider
> > 'RsaProtectedConfigurationProvider'. Error message from the provider:
> > The RSA key container could not be opened.
> >
> > Source Error:
> >
> > Line 68: <authentication mode="Windows"/>
> > Line 69: <identity
> > configProtectionProvider="RsaProtectedConfiguratio nProvider">
> > Line 70: <EncryptedData
> > Type="http://www.w3.org/2001/04/xmlenc#Element"
> > Line 71: xmlns="http://www.w3.org/2001/04/xmlenc#">
> > Line 72: <EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
> > If I delete the encrypted section in the web.config file on the new
> > box, then re-encrypt from there, it works fine again, but is not
> > portable to my other machine. This makes me think that the
> > export/import is not working correctly.
> >
> > Any ideas?
> >
> > Thanks.
> >

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Export to PDF with google maps + msacces export Maarten Porters Ruby 1 07-28-2008 01:45 PM
How to export/import Wireless settings on a domain? Frank Larsen Wireless Networking 0 08-27-2005 11:04 AM
Replace Tab Key to Return Key (Enter Key) from Web Forms? M P ASP General 1 08-06-2004 08:32 AM
Invalid export DLL or export format =?Utf-8?B?RGF2aWQgVmFsbGU=?= ASP .Net 0 10-29-2003 11:46 AM



Advertisments