Web Config Encryption/Decryption in Framework 4.0

The RSAProtectedConfigurationProvider is the default protected configuration provider. It supports machine-level and user-level key containers for key storage. RSA machine key containers are stored in “c:\Documents and Settings\All users\Application data\Microsoft\Crypto\RSA\MachineKeys” in Windows Server 2003. The default ‘keyContainerName’ for RSAProtectedConfigurationProvider in machine.config is called ‘NetFrameworkConfigurationKey’ (it’s good practice to change it on production servers).

To encrypt a web.config file with Framework 4.0 I have used the following steps:

1. Find the location of the root web folder. In this case it’s “D:\Inetpub\wwwroot\DemoWebsite”.

2. Modify the web.config in the root folder of the DemoWebsite by adding the following sub-section within the configuration tag section. I have changed the keyContainerName to “DemoWebsiteConfigurationKey” and the provider name to “DemoWebsiteRSAProtectedConfigurationProvider”.

<configProtectedData>
  <providers>
    <add keyContainerName="DemoWebsiteConfigurationKey"
         description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
         name="DemoWebsiteRSAProtectedConfigurationProvider"
         type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</configProtectedData>

Note: In machine.config (usually in C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CONFIG) we would find the section below, which holds the default keyContainerName. We do not want to modify the default machine.config, so create a configProtectedData tag in the DemoWebsite’s web.config file instead.

<configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
  <providers>
    <add name="RsaProtectedConfigurationProvider"
         type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
         keyContainerName="NetFrameworkConfigurationKey"
         cspProviderName=""
         useMachineContainer="true"
         useOAEP="false" />
    <add name="DataProtectionConfigurationProvider"
         type="System.Configuration.DpapiProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt"
         useMachineProtection="true"
         keyEntropy="" />
  </providers>
</configProtectedData>

3. Windows > Run > cmd. If you are using Framework 4.0 then go to the folder C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319. Run the command below to create the RSA cryptographic key container called “DemoWebsiteConfigurationKey”:
aspnet_regiis -pc "DemoWebsiteConfigurationKey" -exp

4. Grant the default ASP.NET account access to the key container:
aspnet_regiis -pa "DemoWebsiteConfigurationKey" "NT Authority\Network Service"

Note: If you do not do this step you might see this error “Failed to decrypt using provider ‘RsaProtectedConfigurationProvider’. Error message from the provider: The RSA key container could not be opened”

5. Back up the web.config file, just in case. Now to encrypt the connection strings, type the command below and press Enter.
aspnet_regiis.exe -pef "connectionStrings" "D:\Inetpub\wwwroot\DemoWebsite" -prov "DemoWebsiteRSAProtectedConfigurationProvider"

6. Now to encrypt appSettings type below and enter.
aspnet_regiis.exe -pef "appSettings" "D:\Inetpub\wwwroot\DemoWebsite" -prov "DemoWebsiteRSAProtectedConfigurationProvider"

Now if you want to modify your web.config you have to decrypt using the steps below first. Then modify and encrypt again. To decrypt I did the following,

1. Windows > Run > cmd.
2. Go to folder C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319.
3. Find the location of the root web folder. In this case it’s “D:\Inetpub\wwwroot\DemoWebsite”.
4. Now to decrypt connection string type below and enter.
aspnet_regiis.exe -pdf "connectionStrings" "D:\Inetpub\wwwroot\DemoWebsite"
5. Now to decrypt appSettings type below and enter.
aspnet_regiis.exe -pdf "appSettings" "D:\Inetpub\wwwroot\DemoWebsite"
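
A check to run after the encrypt steps, and again after any decrypt, modify and re-encrypt cycle: it reports which top-level sections are still readable, including in backup copies such as the one made in step 5 if it was left inside the site folder. This is an added Python example, not part of the original post; the function names and the sample files are constructed for illustration, and sections nested under other elements are not inspected.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def _child(parent, name):
    # Match on local name so a default xmlns on <configuration> does not matter.
    return next((c for c in parent if c.tag.rsplit("}", 1)[-1] == name), None)

def section_state(root, name):
    """Classify a top-level section as missing, plaintext or encrypted."""
    node = _child(root, name)
    if node is None:
        return "missing"
    # aspnet_regiis -pef adds configProtectionProvider and an EncryptedData child.
    if node.get("configProtectionProvider") and _child(node, "EncryptedData") is not None:
        return "encrypted"
    return "plaintext"

def audit_tree(site_root, sections=("connectionStrings", "appSettings")):
    """Map every web.config* file (backups included) to its section states."""
    report = {}
    for path in sorted(Path(site_root).rglob("*")):
        if not (path.is_file() and path.name.lower().startswith("web.config")):
            continue
        rel = path.relative_to(site_root).as_posix()
        try:
            root = ET.parse(path).getroot()
            report[rel] = {s: section_state(root, s) for s in sections}
        except ET.ParseError:
            report[rel] = {"file": "unparseable"}
    return report

def plaintext_findings(report):
    return sorted((f, s) for f, states in report.items()
                  for s, v in states.items() if v == "plaintext")

# Constructed samples: placeholder cipher text and made-up settings.
ENCRYPTED = ('<configuration><connectionStrings configProtectionProvider='
             '"DemoWebsiteRSAProtectedConfigurationProvider"><EncryptedData '
             'xmlns="http://www.w3.org/2001/04/xmlenc#"><CipherData><CipherValue>'
             'PLACEHOLDER</CipherValue></CipherData></EncryptedData></connectionStrings>'
             '<appSettings><add key="k" value="v"/></appSettings></configuration>')
PLAIN = ('<configuration><connectionStrings><add name="db" '
         'connectionString="constructed"/></connectionStrings></configuration>')

def demo():
    with tempfile.TemporaryDirectory() as site:
        Path(site, "web.config").write_text(ENCRYPTED)
        Path(site, "web.config.bak").write_text(PLAIN)
        return plaintext_findings(audit_tree(site))
```

For a real site, call `plaintext_findings(audit_tree(...))` with the web root from step 1; an empty list means no readable connectionStrings or appSettings section was found.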


Enable Web Services Enhancements (WSE) 3.0 in Visual Studio 2008 and 2010

Web Services Enhancements 3 (WSE 3) is not officially supported for Visual Studio 2008. The reason is that Microsoft wants you to migrate your code to WCF. Use this workaround to enable Web Services Enhancements (WSE) 3.0 in VS2008 and VS2010.

1. Download and install Web Services Enhancements (WSE) 3.0 for Microsoft .NET. Make sure you have all the files after installing WSE v3.0. Note: Close Visual Studio before installing.

Figure: WSE v3.0 installation files under Program Files

2. Go to the folder %ALLUSERSPROFILE%\Application Data\Microsoft\MSEnvShared\AddIns (notice that “Application Data” is hardcoded, which it shouldn’t be, because Windows XP localizes that folder). If the folder is not there, close Visual Studio and create the folder as shown below.

Examples:
- Windows XP: “C:\Documents and Settings\All Users\Application Data\Microsoft\MSEnvShared\AddIns”
- Windows Vista / Windows 7: “C:\ProgramData\Microsoft\MSEnvShared\AddIns”

3. In the folder from step 2 you will find the WSESettingsVS3.AddIn file. Back up WSESettingsVS3.AddIn before modifying it. If it’s not there, then create one with the file name WSESettingsVS3.Addin and type the content from the picture shown in step 4.

4. You’ll find two sections. Note that the version is 8.0. Copy and paste these two sections and change the version of the new sections to 9.0 (if using Visual Studio 2008) or 10.0 (if using Visual Studio 2010). Save the file.

Figure: WSESettingsVS3.Addin

5. Go to C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE (if using Visual Studio 2008) or C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE (if using Visual Studio 2010) and open the devenv.exe.config file. Back up the devenv.exe.config file and add the following snippet just above the closing tag inside the file. This helps Visual Studio to generate web service proxy classes using WSE.

Figure: Visual Studio 2010 devenv.exe.config

<system.web>
  <webServices>
    <soapExtensionImporterTypes>
      <add type="Microsoft.Web.Services3.Description.WseExtensionImporter,
                 Microsoft.Web.Services3, Version=3.0.0.0,
                 Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </soapExtensionImporterTypes>
  </webServices>
</system.web>

7. Close all the instances of Visual Studio 2008 or Visual Studio 2010 and start the application again.

8. Open your project in VS2010 and right-click on the project to see the WSE Setting 3.0 option. Now you can configure the WSE settings in VS2010. Good luck.

Figure: WSE Setting 3.0 under VS2010 project


Email validation regular expression does not work

Issue:
The dumb users copy email addresses with a space after them and paste them into the email text box in a web form. They then find that they cannot submit the form. The email looks OK, but because there is a space behind it, the standard email validation regular expression declares it a wrong email.

Solution:
The standard email validation regular expression is:
^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$

Add whitespace (\s) to the final character class of the standard regular expression to support dumb users:
^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z\s]{2,9})$
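
What the two patterns accept on raw input, next to the alternative of trimming the value first and validating it with the unmodified pattern. This is an added example, not part of the original post: it uses Python's re module as a stand-in for the .NET regex engine (an assumption; the two agree on these inputs), and the helper names and sample addresses are constructed. Because \s sits inside the top-level-domain class, the modified pattern also accepts spaces and line breaks in place of letters there, and it still rejects a leading space.

```python
import re

# Both patterns are copied unchanged from the post.
STANDARD = re.compile(
    r"^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$")
WITH_SPACE = re.compile(
    r"^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z\s]{2,9})$")

def accepts(pattern, value):
    """True when the validator pattern matches the raw, untrimmed value."""
    return pattern.match(value) is not None

def normalize_email(raw):
    """Alternative: trim first, then apply the unmodified pattern.
    Returns the cleaned address to store, or None when it is invalid."""
    cleaned = raw.strip()
    return cleaned if STANDARD.fullmatch(cleaned) else None

# Constructed inputs covering the pasted-with-whitespace cases.
SAMPLES = [
    "jane.doe@example.com",      # clean address
    "jane.doe@example.com ",     # trailing space, the case from the post
    " jane.doe@example.com",     # leading space
    "jane.doe@example.  ",       # no top-level domain, only spaces
    "jane.doe@example.c m",      # space inside the top-level domain
    "jane.doe@example.co\nm",    # line break inside the top-level domain
]

def compare(samples=SAMPLES):
    """Return (value, standard, with_space, normalized) for each sample."""
    return [(s, accepts(STANDARD, s), accepts(WITH_SPACE, s), normalize_email(s))
            for s in samples]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

With the modified pattern the accepted value still carries its whitespace into whatever stores or sends it, whereas `normalize_email` returns the cleaned address.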
