Encrypting app.config File
You cannot encrypt the entire <system.serviceModel> - it's a configuration section group, which contains configuration sections. The aspnet_regiis will only encrypt configuration sections - so you need to selectively encrypt those parts you need, like this:
cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis.exe -pef "system.serviceModel/bindings" .
aspnet_regiis.exe -pef "system.serviceModel/services" .
etc.
With this, you can encrypt what you need easily - what isn't too important, can be left in clear text.
Word of warning: since it's aspnet_regiis, it expects to be dealing with a web.config file - copy your app.config to a location and call it web.config, encrypt your sections, and copy those encrypted sections back into your own app.config.
Or write your own config section encrypter/decrypter - it's really just a few lines of code! Or use mine - I wrote a small ConfigSectionCrypt utility, come grab it off my OneDrive - with full source (C# - .NET 3.5 - Visual Studio 2008). It allows you to encrypt and decrypt sections from any config file - just specify the file name on the command line.
Encrypt connection string in app.config
Have a look at this article; it has some very useful examples. You're basically looking for System.Configuration.SectionInformation.ProtectSection to help you out here.
Also have a peek at Implementing Protected Configuration
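The ProtectSection approach mentioned above, as an added example that is not part of the original answers: a small console utility that encrypts or decrypts one section of any .config file in place, so no rename to web.config is needed. The class name, method name and command-line shape are assumptions made for illustration; it needs a reference to System.Configuration.dll.

```csharp
using System;
using System.Configuration;
using System.IO;

// Added example (hypothetical utility, not the ConfigSectionCrypt tool mentioned on this page).
public static class ConfigSectionProtector
{
    // Built-in DPAPI provider; by default its ciphertext only decrypts on the machine that produced it.
    public const string DpapiProvider = "DataProtectionConfigurationProvider";

    public static void SetProtection(string configPath, string sectionName, bool protect)
    {
        var map = new ExeConfigurationFileMap { ExeConfigFilename = Path.GetFullPath(configPath) };
        Configuration config = ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);

        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
        {
            // Either the name is a section group (e.g. system.serviceModel), which cannot be
            // protected as a whole, or the name is not a declared section (e.g. a typo).
            string reason = config.GetSectionGroup(sectionName) != null
                ? "is a section group; protect its child sections individually"
                : "was not found; check the section name";
            throw new ConfigurationErrorsException(string.Format("'{0}' {1}.", sectionName, reason));
        }

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected == protect) return; // already in the requested state

        if (protect) info.ProtectSection(DpapiProvider);
        else info.UnprotectSection();

        info.ForceSave = true; // write the section even if its values did not change
        config.Save(ConfigurationSaveMode.Modified);
    }

    public static int Main(string[] args)
    {
        if (args.Length < 2)
        {
            Console.Error.WriteLine("usage: <file.config> <section> [decrypt]");
            return 1;
        }
        bool protect = !(args.Length > 2 && args[2] == "decrypt");
        SetProtection(args[0], args[1], protect);
        Console.WriteLine("{0}: section '{1}' {2}.", args[0], args[1], protect ? "encrypted" : "decrypted");
        return 0;
    }
}
```

Run it on the machine (and, for user-scoped keys, under the account) that will read the file at runtime, since that is where the DPAPI key lives.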
Encrypt App or Web.config using aspnet_regiis - Section 'xyz' not found
I think your command is wrong, even if the folder D:\Tes contains your web.config:
aspnet_regiis -pef connectionSettings D:\Tes -prov LiteProvider
You've mis-typed connectionSettings instead of the connectionStrings:
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" <full path to directory containing web.config file>
Isn't the syntax aspnet_regiis -pef [section name] [web.config path]? The section name is connectionSettings, not connectionStrings.
Here is the result when I try it on my PC.
Copy an App.Config with AppSettings (or ConnectionStrings) sections to C:\Temp, and rename it to Web.config.
Run this command:
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "appSettings" c:\Temp
After running the aspnet_regiis command the appSettings is encrypted:
Rename the C:\Temp\Web.Config to App.Config
Solution
Your XML isn't in the expected format, e.g.:
<server>192.168.1.xxx</server>
<database>myDb</database>
<uid>root</uid>
Use the standard appSettings or connectionStrings format:
<appSettings>
  <add key="server" value="192.168.1.xxx"/>
  <add key="database" value="myDb"/>
  <add key="uid" value="root"/>
  <add key="pwd" value="123"/>
</appSettings>
REF: https://social.msdn.microsoft.com/Forums/windows/en-US/3b5a1d1f-aa57-40d8-8607-fee0b2a8a6db/protect-appconfig-file-or-encrypt?forum=winforms
https://learn.microsoft.com/en-us/dotnet/api/system.configuration.configurationmanager.appsettings?view=netframework-4.7.2
https://learn.microsoft.com/en-us/dotnet/api/system.configuration.configurationmanager.connectionstrings?view=netframework-4.7.2
Encrypting connectionStrings section - utility for app.config
You can try the following:
https://magenic.com/thinking/encrypting-configuration-sections-in-net
In short - rename the app.config file to web.config - the schema is identical, so aspnet_regiis works. Rename back to app.config when finished.
External app config and encryption of settings
After a lot of research and looking into the code for NameValueFileSectionHandler, I realized that the class was not able to resolve configSections pointed to by the file="file path" attribute if the external configSections were encrypted. Don't know if this was a bug or not in NameValueFileSectionHandler. Maybe someone here can answer that.
However, I ended up writing my own NameValueFileSectionHandler which could return a NameValueCollection and handle encrypted external config files.
using System.Configuration;
using System.Configuration.Internal; // IConfigErrorInfo
using System.IO;
using System.Xml;

public class NameValueFileProtectedSectionHandler : IConfigurationSectionHandler
{
    public object Create(object parent, object configContext, XmlNode section)
    {
        object result = parent;

        // Take the file="..." attribute off the section so the default handler does not see it.
        XmlNode fileAttribute = section.Attributes.RemoveNamedItem("file");
        if (fileAttribute == null || fileAttribute.Value.Length == 0)
        {
            // No external file referenced: behave like the stock handler.
            return new NameValueSectionHandler().Create(result, null, section);
        }

        // The attribute node carries the path of the config file it was read from.
        IConfigErrorInfo configXmlNode = fileAttribute as IConfigErrorInfo;
        if (configXmlNode == null)
        {
            return null;
        }

        // Resolve the external file relative to the directory of the referencing config file.
        string directory = Path.GetDirectoryName(configXmlNode.Filename);
        string absoluteFilePath = Path.GetFullPath(Path.Combine(directory, fileAttribute.Value));
        if (!File.Exists(absoluteFilePath))
        {
            throw new ConfigurationErrorsException(string.Format("external config file: {0} does not exist", absoluteFilePath));
        }

        var configXmlDocument = new ConfigXmlDocument();
        try
        {
            configXmlDocument.Load(absoluteFilePath);
        }
        catch (XmlException e)
        {
            throw new ConfigurationErrorsException(e.Message, e, absoluteFilePath, e.LineNumber);
        }

        // The root element of the external file must be the same section.
        if (section.Name != configXmlDocument.DocumentElement.Name)
        {
            throw new ConfigurationErrorsException(string.Format("Section name '{0}' in app.config does not match section name '{1}' in file '{2}'", section.Name, configXmlDocument.DocumentElement.Name, absoluteFilePath));
        }

        var nodeToDecrypt = configXmlDocument.DocumentElement["EncryptedData"];
        if (nodeToDecrypt == null)
        {
            throw new ConfigurationErrorsException(string.Format("External encrypted file {0} does not contain EncryptedData element", absoluteFilePath));
        }

        // Decrypt with the default DPAPI provider and hand the plain section to the stock handler.
        var protectionProvider = new DpapiProtectedConfigurationProvider();
        var decryptedConfigSection = protectionProvider.Decrypt(nodeToDecrypt);
        result = new NameValueSectionHandler().Create(result, null, decryptedConfigSection);
        return result;
    }
}
The handler is restricted to default configuration encryption. But I could imagine that it would be possible to extend the Create function to support custom providers as defined in the app.config file.