4

We are using a custom config section (via the NameValueConfigSection) to contain our settings. These settings are externalised from web.config via configSource.

So, entries in web.config look something like this:

  <configSections>
    <section name="customSettings" type="System.Configuration.NameValueSectionHandler" />
  </configSections>

  <customSettings configSource="config\customSettings.config" />

We want to encrypt this "customSettings.config" file on our production server, so we run this command, as recommended by Microsoft (here: http://msdn.microsoft.com/en-us/library/zhhddkxy.aspx):

aspnet_regiis -pe customSettings -site 4 -app /

And this produces the following output:

Encrypting configuration section...
Succeeded!

However, it does not succeed at all, leaving the file exactly as it was.

(incidentally, this command does work if encrypting a non-custom section, such as an externalised connectionStrings section)

I have been able to write a little console app that does work ok, but we really want to use the standard tools to do what should be a standard operation - can anyone tell me if this is a limitation or where I am going wrong?

Thanks :)

Kram
  • I have exactly the same issue. If I put the customSettings in the web.config they encrypt, but if I use the configSource and have them in a separate file the aspnet_regiis says the encryption succeeds but the nodes in the file aren't encrypted. I also encrypt the connectionStrings in a different file which is in the same directory and it works fine so I know it isn't a path issue. If anyone has found the answer to this please let me know. –  Sep 11 '12 at 17:50

1 Answer

3

I'm comparing your code with this:

To encrypt the connectionStrings section with the DPAPI provider with the machine key store (the default configuration), run this command from a command prompt:

aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider"

where:

-pe specifies the configuration section to encrypt.

-app specifies the web app's virtual path. If the app is nested, specify the nested path from the root directory, for example "/test/aspnet/MachineDPAPI"

-prov specifies the provider name.

I wonder if you need to provide the app name? And/or the provider?

And their version encloses the attribute values in quotes.

DOK
  • I am providing the app name "/" = root (in your case you have a named app off the root). And no, no need for Prov, as in the docs: "If you do not specify a provider using the -prov option, the provider configured as the defaultProvider is used." – Kram Jun 06 '11 at 12:03
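
Because the question describes aspnet_regiis printing "Succeeded!" while the configSource file stays in plaintext, a check of the file itself is a more reliable signal than the tool's output. The following is an added example, not code from the question or the answer; the function name Test-SectionEncrypted and both sample file contents are constructed for illustration.

```powershell
# Added example: does an external configSource file really hold an encrypted section?
function Test-SectionEncrypted {
    param(
        [Parameter(Mandatory)] [string] $Xml,         # content of the external .config file
        [Parameter(Mandatory)] [string] $SectionName  # e.g. customSettings
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Xml)
    $root = $doc.DocumentElement
    if ($root.LocalName -ne $SectionName) {
        throw "Root element is <$($root.LocalName)>, expected <$SectionName>"
    }
    # A protected section names its provider on the section element ...
    $provider  = $root.GetAttribute('configProtectionProvider')
    # ... and contains only an EncryptedData element. Matching by local name
    # keeps the check independent of the XML namespace a provider emits.
    $encrypted = $root.SelectSingleNode("*[local-name()='EncryptedData']")
    $plain     = $root.SelectNodes("*[local-name()!='EncryptedData']").Count
    [pscustomobject]@{
        Section           = $SectionName
        Provider          = $provider
        PlaintextElements = $plain
        Encrypted         = ($provider -ne '') -and ($null -ne $encrypted) -and ($plain -eq 0)
    }
}

# Constructed sample: the file as the question describes it after the "successful" run.
$unchangedFile = @'
<customSettings>
  <add key="ServiceKey" value="constructed-sample-value" />
</customSettings>
'@

# Constructed sample: the shape of a protected section (cipher text is a placeholder).
$protectedFile = @'
<customSettings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
    <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
  </EncryptedData>
</customSettings>
'@

# For a real file: -Xml (Get-Content -Raw 'config\customSettings.config')
$results = @(
    Test-SectionEncrypted -Xml $unchangedFile -SectionName customSettings
    Test-SectionEncrypted -Xml $protectedFile -SectionName customSettings
)
$results | Format-Table -AutoSize
```

The first sample reports Encrypted = False with one plaintext element, the second reports Encrypted = True; failing a deployment step on a False result catches the silent no-op described in the question.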