Can iisnode be configured to handle (or ignore) encrypted appSettings?

Question

We have iisnode setup to handle requests to one sub-directory of our ASP.NET web application. As a security measure we encrypt our appSettings. None of the iisnode-related config is particularly senstive, but other parts of the app store passwords there.

However, iisnode is throwing 500 errors when the appSettings of web.config is encrypted.

I believe I have confirmed that throws the errors whether you reference the appSetting variables or not.

I'm open to moving my configuration to one of the iisnode-specific config files – or even just a js file -- but I need to encrypt appSettings.

So I need iisnode to handle the encrypted appSettings, either by gracefully ignoring it or by reading from it correctly. Is that something that can be configured for, or are should I be looking at patching the iisnode code?

score 0 · Answer 1 · answered Feb 20 '13 at 12:37

I entered this as a bug in iisnode at the suggestion of Tomasz Janczuk, so I guess the answer to the question is, 'No'.

The workaround I'm pursuing is to use SingleSectionTagHandler for the items that need to be encrypted, so that I can leave appSettings unencrypted.

Can iisnode be configured to handle (or ignore) encrypted appSettings?

1 Answers1