Encrypting App.Config File

Encrypting app.config File

You cannot encrypt the entire <system.serviceModel> - it's a configuration section group, which contains configuration sections.

The aspnet_regiis will only encrypt configuration sections - so you need to selectively encrypt those parts you need, like this:

    cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
    aspnet_regiis.exe -pef "system.serviceModel/bindings" .
    aspnet_regiis.exe -pef "system.serviceModel/services" .

etc.

With this, you can easily encrypt what you need - what isn't too important can be left in clear text.

Word of warning: since it's aspnet_regiis, it expects to be dealing with a web.config file - copy your app.config to a location and call it web.config, encrypt your sections, and copy those encrypted sections back into your own app.config.

Or write your own config section encrypter/decrypter - it's really just a few lines of code! Or use mine - I wrote a small ConfigSectionCrypt utility, come grab it off my OneDrive - with full source (C# - .NET 3.5 - Visual Studio 2008). It allows you to encrypt and decrypt sections from any config file - just specify the file name on the command line.

Encrypt connection string in app.config

Have a look at this article; it has some very useful examples. You're basically looking for System.Configuration.SectionInformation.ProtectSection to help you out here.

Also have a peek at Implementing Protected Configuration
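The "few lines of code" approach and the ProtectSection call mentioned in the two answers above, as an added example (not the ConfigSectionCrypt utility or any code from the original posts). The class name SectionCrypt and its command-line layout are assumptions made for illustration; the provider names are the two built-in .NET Framework providers.

```csharp
// Added example; build against System.Configuration.dll (.NET Framework).
using System;
using System.Configuration;

static class SectionCrypt   // hypothetical name, not the utility from the answer
{
    static int Main(string[] args)
    {
        if (args.Length < 3)
        {
            Console.Error.WriteLine("usage: SectionCrypt encrypt|decrypt <config file> <section path> [rsa]");
            return 2;
        }
        bool encrypt = args[0].Equals("encrypt", StringComparison.OrdinalIgnoreCase);
        // Built-in providers: DPAPI by default, "rsa" selects the RSA provider.
        string provider = args.Length > 3 && args[3] == "rsa"
            ? "RsaProtectedConfigurationProvider"
            : "DataProtectionConfigurationProvider";

        // Open the named file rather than the running executable's own config,
        // so no rename to web.config is needed.
        var map = new ExeConfigurationFileMap { ExeConfigFilename = args[1] };
        Configuration config =
            ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);

        // A group such as system.serviceModel cannot be protected as a whole.
        if (config.GetSectionGroup(args[2]) != null)
        {
            Console.Error.WriteLine("'{0}' is a section group; name a section inside it.", args[2]);
            return 1;
        }
        ConfigurationSection section = config.GetSection(args[2]);
        if (section == null)
        {
            Console.Error.WriteLine("Section '{0}' not found; check the spelling.", args[2]);
            return 1;
        }

        SectionInformation info = section.SectionInformation;
        if (encrypt == info.IsProtected)
        {
            Console.WriteLine("'{0}' is already {1}.", args[2], encrypt ? "encrypted" : "in clear text");
            return 0;
        }
        if (encrypt) info.ProtectSection(provider);
        else info.UnprotectSection();

        info.ForceSave = true;   // write the section even if nothing else changed
        config.Save(ConfigurationSaveMode.Modified);
        return 0;
    }
}
```

With the default DPAPI provider the section can only be decrypted on the machine that encrypted it, so run the tool on the target host or use the RSA provider with a key container that is deployed there.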

Encrypt App or Web.config using aspnet_regiis - Section 'xyz' not found

I think your command is wrong, even if the folder D:\Tes contains your web.config:

    aspnet_regiis -pef connectionSettings D:\Tes -prov LiteProvider

You've mistyped connectionSettings instead of connectionStrings:

    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" <full path to directory containing web.config file>

Isn't the syntax aspnet_regiis -pef [section name] [web.config path]? The section name is connectionSettings, not connectionStrings.


Here is the result when I try it on my PC.

  1. Copy an App.Config with AppSettings (or ConnectionStrings) sections to C:\Temp, and rename it to Web.config.

  2. Run this command:
    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "appSettings" c:\Temp

After running the aspnet_regiis command, the appSettings section is encrypted.

  3. Rename the C:\Temp\Web.Config to App.Config

Solution

Your XML isn't in the expected format, e.g.:

    <server>192.168.1.xxx</server>
    <database>myDb</database>
    <uid>root</uid>

Use the standard appSettings or connectionStrings format:

    <appSettings>
      <add key="server" value="192.168.1.xxx"/>
      <add key="database" value="myDb"/>
      <add key="uid" value="root"/>
      <add key="pwd" value="123"/>
    </appSettings>

REF: https://social.msdn.microsoft.com/Forums/windows/en-US/3b5a1d1f-aa57-40d8-8607-fee0b2a8a6db/protect-appconfig-file-or-encrypt?forum=winforms

https://learn.microsoft.com/en-us/dotnet/api/system.configuration.configurationmanager.appsettings?view=netframework-4.7.2

https://learn.microsoft.com/en-us/dotnet/api/system.configuration.configurationmanager.connectionstrings?view=netframework-4.7.2

Encrypting connectionStrings section - utility for app.config

You can try the following:

https://magenic.com/thinking/encrypting-configuration-sections-in-net

In short - rename the app.config file to web.config - the schema is identical, so aspnet_regiis works. Rename back to app.config when finished.

External app config and encryption of settings

After a lot of research and looking into the code for NameValueFileSectionHandler, I realized that the class was not able to resolve configSections pointed to by the file="file path" attribute if the external configSection was encrypted. I don't know if this was a bug in NameValueFileSectionHandler or not. Maybe someone here can answer that.

However I ended up writing my own NameValueFileSectionHandler which could return a NameValueCollection and handle encrypted external config files.

    using System.Configuration;
    using System.Configuration.Internal;
    using System.IO;
    using System.Xml;

    public class NameValueFileProtectedSectionHandler : IConfigurationSectionHandler
    {
        public object Create(object parent, object configContext, XmlNode section)
        {
            object result = parent;

            // Detach the file="..." attribute so the default handler never sees it.
            XmlNode fileAttribute = section.Attributes.RemoveNamedItem("file");

            // No external file referenced: fall back to the standard handler.
            // (|| rather than &&, otherwise a missing attribute dereferences null.)
            if (fileAttribute == null || fileAttribute.Value.Length == 0)
            {
                return new NameValueSectionHandler().Create(result, null, section);
            }

            // The attribute node records which config file it was read from.
            IConfigErrorInfo configXmlNode = fileAttribute as IConfigErrorInfo;

            if (configXmlNode == null)
            {
                return null;
            }

            // Resolve the external file relative to the referencing config file.
            string directory = Path.GetDirectoryName(configXmlNode.Filename);
            string absoluteFilePath = Path.GetFullPath(Path.Combine(directory, fileAttribute.Value));

            if (!File.Exists(absoluteFilePath))
            {
                throw new ConfigurationErrorsException(string.Format("external config file: {0} does not exist", absoluteFilePath));
            }

            var configXmlDocument = new ConfigXmlDocument();
            try
            {
                configXmlDocument.Load(absoluteFilePath);
            }
            catch (XmlException e)
            {
                throw new ConfigurationErrorsException(e.Message, e, absoluteFilePath, e.LineNumber);
            }

            // The external file's root element must be the same section.
            if (section.Name != configXmlDocument.DocumentElement.Name)
            {
                throw new ConfigurationErrorsException(string.Format("Section name '{0}' in app.config does not match section name '{1}' in file '{2}'", section.Name, configXmlDocument.DocumentElement.Name, absoluteFilePath));
            }

            var nodeToDecrypt = configXmlDocument.DocumentElement["EncryptedData"];

            if (nodeToDecrypt == null)
            {
                throw new ConfigurationErrorsException(string.Format("External encrypted file {0} does not contain EncryptedData element", absoluteFilePath));
            }

            // Only the default DPAPI provider is supported here.
            var protectionProvider = new DpapiProtectedConfigurationProvider();
            var decryptedConfigSection = protectionProvider.Decrypt(nodeToDecrypt);

            // Hand the decrypted XML to the standard name/value handler.
            result = new NameValueSectionHandler().Create(result, null, decryptedConfigSection);

            return result;
        }
    }

The handler is restricted to default configuration encryption. But I could imagine that it would be possible to extend the Create function to support custom providers as defined in the app.config file.


