vb.net - App.config connection string Protection error

Question

I am running into an issue I had before; can't find my reference on how to solve it.

Here is the issue. We encrypt the connection strings section in the app.config for our client application using code below:

        config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        If config.ConnectionStrings.SectionInformation.IsProtected = False Then
            config.ConnectionStrings.SectionInformation.ProtectSection(Nothing)

            ' We must save the changes to the configuration file.'
            config.Save(ConfigurationSaveMode.Modified, True)
        End If

The issue is we had a salesperson leave. The old laptop is going to a new salesperson and under the new user's login, when it tries to to do this we get an error. The error is:

Unhandled Exception: System.Configuration.ConfigurationErrorsException: 
An error occurred executing the configuration section handler for connectionStrings. ---> System.Configuration.ConfigurationErrorsException: Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. 
Error message from the provider: Object already exists.
---> System.Security.Cryptography.CryptographicException: Object already exists

Answer 1

http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx#1657603

copy and paste :D

Monday, February 12, 2007 12:15 AM by Naica

re: Encrypting configuration files using protected configuration

Here is a list of all steps I've done to encrypt two sections on my PC and then deploy it to the WebServer. Maybe it will help someone...:

1. To create a machine-level RSA key container

   aspnet_regiis -pc "DataProtectionConfigurationProviderKeys" -exp
   

2. Add this to web.config before connectionStrings section:

    <add name="DataProtectionConfigurationProvider"
   
         type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
   
                  Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
   
                  processorArchitecture=MSIL"
   
         keyContainerName="DataProtectionConfigurationProviderKeys"
   
         useMachineContainer="true" />
   

   Do not miss the <clear /> from above! Important when playing with encrypting/decrypting many times

3. Check to have this at the top of Web.Config file. If missing add it:

   <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
   

4. Save and close Web.Config file in VS (very important!)

5. In Command Prompt (my local PC) window go to:

   C:WINNTMicrosoft.NETFrameworkv2.0.50727

6. Encrypt: (Be aware to Change physical path for your App, or use -app option and give the name o virtual directory for app! Because I used VS on my PC I preferred the bellow option. The path is the path to Web.config file)

   aspnet_regiis -pef "connectionStrings" "c:BlaBlaBla" -prov "DataProtectionConfigurationProvider"

   aspnet_regiis -pef "system.web/membership" "c:BlaBlaBla" -prov "DataProtectionConfigurationProvider"

7. To Decrypt (if needed only!):

   aspnet_regiis -pdf "connectionStrings" "c:BlaBlaBla"
   
   aspnet_regiis -pdf "system.web/membership" "c:BlaBlaBla"
   

8. Delete Keys Container (if needed only!)

   aspnet_regiis -pz "DataProtectionConfigurationProviderKeys"
   

9. Save the above key to xml file in order to export it from your local PC to the WebServer (UAT or Production)

   aspnet_regiis -px "DataProtectionConfigurationProviderKeys" empmykeyfile.xml -pri
   

10. Import the key container on WebServer servers:

    aspnet_regiis -pi "DataProtectionConfigurationProviderKeys" empmykeyfile.xml
    

11. Grant access to the key on the web server

    aspnet_regiis -pa "DataProtectionConfigurationProviderKeys" "DOMAINUser"
    

    See in IIS the ASP.NET user or use:

    Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name
    

12. Remove Grant access to the key on the web server (Only if required!)

    aspnet_regiis -pr "DataProtectionConfigurationProviderKeys" "DomainUser"
    

13. Copy and Paste to WebServer the encrypted Web.config file.