in

Dot Net Mafia

Group site for developer blogs dealing with (usually) .NET, SharePoint 2013, SharePoint 2010, Office 365, SharePoint Online, and other Microsoft products, as well as some discussion of general programming related concepts.

This Blog

Syndication

Tags

Archives

Corey Roth [MVP]

A SharePoint MVP bringing you the latest time saving tips for SharePoint 2013, SharePoint 2010, Office 365, SharePoint Online, MOSS 2007, ASP.NET, LINQ, and Visual Studio 2012.

Encrypted Web.Config sections after deployment

A while back I posted about using aspnet_regiis to encrypt a section of a web.config. When trying this on a local machine, you will probably find that it works great. However, after deploying it I found a couple of things to look out for. First, is of course, make sure that the machine.config has a machineKey specified and it is the same across machines (including the original machine you did the encrpytion on).

I had already done that but when I tried to access the data, I found that I got the error "Failed to decrypt using provider 'RsaProtectedConfigurationProvider'.". This is because the network service account does not have access to the keytore by default, so you have to go and grant it on each target server. To do that run the command below.

aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"

The Network Service account is the account asp.net typically runs under on Windows Server 2003. You would have to change this if you are running on Windows 2000.

After running this you shouldn't have any problem using an encrypted configuration section. If you need more help, refer to the article below from Microsoft.

How To: Encrypt Configuration Sections

Read the complete post at http://www.dotnettipoftheday.com/blog.aspx?id=248

Published Jan 27 2006, 11:21 AM by C-Dog's .NET Tip of the Day
2012 dotnetmafia.
Powered by Community Server (Non-Commercial Edition), by Telligent Systems