Connection String RsaProtectedConfigurationProvider Strategy
<p><strong>Scenario:</strong> I have a WPF desktop application which will be distributed on different machines for different customers. The application has an XML configuration file <em>'ApplicationConfiguration.xml'</em>. This XML file contains connection strings. I need to encrypt these connection strings as the ApplicationConfiguration.xml file will be copied to the installation folder of the application along with the main application exe.</p>
<p><strong>Planned Strategy:</strong> My planned strategy was to encrypt the <em>'ApplicationConfiguration.xml'</em> file after the installation. (If I could do it during the installation then all the better.)</p>
<p><strong>What I have tried:</strong> Going with the strategy of encrypting the XML file AFTER installation, I decided to write a simple WinForms application to allow the user to browse for the 'ApplicationConfiguration.xml' and simply press a button to encrypt it. When I did this, I got a new file created in the form of an XML configuration file, <em>'ApplicationConfiguration.xml.Config'</em>, but the original <em>'ApplicationConfiguration.xml'</em> file still remained intact with the connection strings untouched... Now.... when I copied the contents of this file into my 'ApplicationConfiguration.xml' file the program was able to function as normal ... the XML is now encrypted, remember. So it appears that the .NET 4.0 framework can DECRYPT the XML file without me having to write any more code in my WPF application.</p>
<p>See code below to do the encryption:</p>
<pre><code>protected void EncryptConfig(Boolean bEncrypt)
{
    string path = SelectedFilePath();

    Configuration config = ConfigurationManager.OpenExeConfiguration(path);

    // Define the Rsa provider name.
    const string provider = "RsaProtectedConfigurationProvider";

    // Get the section to protect.
    ConfigurationSection connStrings = config.ConnectionStrings;

    if (connStrings != null)
    {
        if (!connStrings.SectionInformation.IsProtected)
        {
            if (!connStrings.ElementInformation.IsLocked)
            {
                // Protect the section.
                connStrings.SectionInformation.ProtectSection(provider);

                connStrings.SectionInformation.ForceSave = true;
                config.Save(ConfigurationSaveMode.Full);
            }
        }
    }

    MessageBox.Show("Config has been encrypted");
}
</code></pre>
<p>I have posted example output (replacing the CipherData with dummy characters) which is created by the code above:</p>
<pre><code>&lt;?xml version="1.0" encoding="utf-8"?&gt;
&lt;configuration&gt;
  &lt;connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider"&gt;
    &lt;EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
      &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /&gt;
      &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
        &lt;EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
          &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /&gt;
          &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
            &lt;KeyName&gt;Rsa Key&lt;/KeyName&gt;
          &lt;/KeyInfo&gt;
          &lt;CipherData&gt;
            &lt;CipherValue&gt;skfjshsadfhsadkjfsadhfsadkhfdsafhsadkfhkljdfh=&lt;/CipherValue&gt;
          &lt;/CipherData&gt;
        &lt;/EncryptedKey&gt;
      &lt;/KeyInfo&gt;
      &lt;CipherData&gt;
        &lt;CipherValue&gt;adfdsafdsafdsfdsafsadfsadfsadfsdfasfdsadfsafsadfdsf=&lt;/CipherValue&gt;
      &lt;/CipherData&gt;
    &lt;/EncryptedData&gt;
  &lt;/connectionStrings&gt;
</code></pre>
<p>So I have a few questions on what I have done above and what I am trying to do:</p>
<p><strong>1)</strong> Can the application read the encrypted connection strings without writing new code in the WPF application? And if so, will each machine be able to read the encrypted connection strings if I do all the encryption processing on my own machine? As I have read about the 'Key' required.. and don't understand where the KeyName above (Rsa Key) comes from.</p>
<p><strong>2)</strong> Why, when I save the XML file in my above code example, is there a new 'xml.config' file created? Should I be manually copying the newly generated code into the original ApplicationConfiguration.xml file?</p>
<p>Just to add, when I decrypt the new xml.config file using the following code:</p>
<pre><code>connStrings.SectionInformation.UnprotectSection();
config.Save(ConfigurationSaveMode.Full);
</code></pre>
<p>.. I get the following output! WHY! :)</p>
<pre><code>&lt;?xml version="1.0" encoding="utf-8"?&gt;
&lt;configuration&gt;
  &lt;connectionStrings&gt;
    &lt;clear /&gt;
    &lt;add name="LocalSqlServer"
         connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
         providerName="System.Data.SqlClient" /&gt;
  &lt;/connectionStrings&gt;
&lt;/configuration&gt;
</code></pre>
<p>I would have expected to get my original 3 connection strings... no?</p>
<p>Basically I am looking for the correct method to proceed with encrypting an XML file of connection strings and allow the application to be deployed and read on different machines.</p>
<p>Any help appreciated.</p>
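The following is an added example, not part of the original post: one way to encrypt the `connectionStrings` section inside the named file itself, so that no sibling `.config` file appears. It assumes .NET Framework with a reference to System.Configuration.dll and a file that uses the standard `<configuration>` layout; the class name, the temp-file path and the sample connection string are constructed for illustration.

```csharp
using System;
using System.Configuration;
using System.IO;

static class ConnectionStringProtector   // hypothetical helper name
{
    const string Provider = "RsaProtectedConfigurationProvider";

    // Encrypts <connectionStrings> in the file at configPath.
    // Returns true if this call encrypted the section.
    public static bool Protect(string configPath)
    {
        if (!File.Exists(configPath))
            throw new FileNotFoundException("Config file not found", configPath);

        // OpenExeConfiguration(path) treats path as an executable and opens
        // path + ".config"; a file map opens exactly the file that is named.
        var map = new ExeConfigurationFileMap { ExeConfigFilename = configPath };
        Configuration config = ConfigurationManager.OpenMappedExeConfiguration(
            map, ConfigurationUserLevel.None);

        ConnectionStringsSection section = config.ConnectionStrings;
        if (section.SectionInformation.IsProtected ||
            section.ElementInformation.IsLocked)
            return false;

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        // ConfigurationSaveMode.Full writes every property, including
        // entries inherited from machine.config, so it is not used here.
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    static void Main()
    {
        // Constructed sample input, written to a temp file for the demo.
        string path = Path.Combine(Path.GetTempPath(), "ApplicationConfiguration.xml");
        File.WriteAllText(path,
            "<?xml version=\"1.0\"?><configuration><connectionStrings>" +
            "<add name=\"Sample\" connectionString=\"Data Source=.;" +
            "Initial Catalog=Demo;Integrated Security=SSPI\" />" +
            "</connectionStrings></configuration>");

        Console.WriteLine(Protect(path) ? "Encrypted:" : "Not changed:");
        Console.WriteLine(File.ReadAllText(path));
    }
}
```

The section can only be decrypted on a machine that holds the RSA key container used by the provider, so a file encrypted on a developer machine is unreadable elsewhere unless that container is exported and imported on the target, or the encryption is run on the target machine itself.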