How to encrypt system.serviceModel in web.config or one of its subsections (behaviors)

  • Question

  • We are using the Azure Service Bus Relay service with a WCF service hosted in IIS. What this means is the settings are all in web.config for the service. This includes the Azure secret which is contained in system.serviceModel/behaviors/endpointbehaviors/behavior/transportclientendpointbehavior/tokenprovider/sharedsecret.

    We'd like to encrypt this section of the web.config file.

    Assume the application name in IIS is ApplicationNumber1.

    If using asp.net ... the specific command is:

    aspnet_regiis -pe "system.serviceModel/behaviors" -app "/ApplicationNumber1"

    This will first complain with "The type 'Microsoft.ServiceBus.Configuration.TransportClientEndpointBehaviorElement, Microsoft.ServiceBus, Version=1.8.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35' registered for extension 'transportClientEndpointBehavior' could not be loaded."

    To get past this, one option is to load the Microsoft.ServiceBus.dll into the GAC using:

    gacutil -i Microsoft.ServiceBus.dll

    Upon doing this the error changes to:

    A configuration file cannot be created for the requested Configuration object.

    No further information about why the file cannot be created is found. Checked permissions on the folder, ran that command under an Administrator's prompt, and no success. Same error.

    If I just try to encrypt 'system.ServiceModel' it states the configuration section cannot be found, and that's because system.ServiceModel is a configuration GROUP not a configuration SECTION.

    Of course also tried this just in code, using this:

    var config = WebConfigurationManager.OpenWebConfiguration("~");
    var section = config.GetSection(sectionName);
    section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
    section.SectionInformation.ForceSave = true;
    config.Save(ConfigurationSaveMode.Modified);
    Log.Information("Encrypted app settings for " + sectionName);

    This code does run and the log entry appears. However, the section never gets encrypted. I can open the config with any reader and it's not encrypted.

    Can anyone provide a working sample of how to actually (not just in theory) encrypt system.serviceModel in its entirety, or system.serviceModel\behaviors section?

     


    • Edited by bogatiy Monday, October 7, 2013 7:45 PM minor error in command shown
    Monday, October 7, 2013 7:44 PM
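
The question describes a save that logs success while the section stays readable on disk. The check below is an added example, not code from the post or from Microsoft: it reads a web.config back and reports whether a section is really protected. The function names, both sample configs and the `issuerSecret` attribute are constructed assumptions.

```python
import xml.etree.ElementTree as ET

XMLENC = "http://www.w3.org/2001/04/xmlenc#"

# Constructed sample: the relay secret left readable (not a real key).
PLAIN = """<configuration><system.serviceModel><behaviors><endpointBehaviors>
<behavior name="sb"><transportClientEndpointBehavior><tokenProvider>
<sharedSecret issuerName="owner" issuerSecret="CONSTRUCTED-NOT-A-REAL-KEY"/>
</tokenProvider></transportClientEndpointBehavior></behavior>
</endpointBehaviors></behaviors></system.serviceModel></configuration>"""

# Constructed sample: the on-disk shape of a section after protection succeeds.
PROTECTED = """<configuration><system.serviceModel>
<behaviors configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
 xmlns="http://www.w3.org/2001/04/xmlenc#">
<CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
</EncryptedData></behaviors></system.serviceModel></configuration>"""

def local(tag):
    """Element name without its namespace, lower-cased."""
    return tag.rsplit("}", 1)[-1].lower()

def find_section(root, path):
    """Walk a slash-separated section path, ignoring case."""
    node = root
    for name in path.lower().split("/"):
        node = next((c for c in node if local(c.tag) == name), None)
        if node is None:
            return None
    return node

def section_status(xml_data, path):
    """Return 'missing', 'encrypted', 'plaintext-secret' or 'plaintext'."""
    section = find_section(ET.fromstring(xml_data), path)
    if section is None:
        return "missing"
    children = list(section)
    # Protected: provider attribute present and EncryptedData is the only child.
    if (section.get("configProtectionProvider") and len(children) == 1
            and children[0].tag == "{%s}EncryptedData" % XMLENC):
        return "encrypted"
    # Otherwise look for any non-empty attribute that names a secret.
    for el in section.iter():
        if any("secret" in k.lower() and v for k, v in el.attrib.items()):
            return "plaintext-secret"
    return "plaintext"

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("protected", PROTECTED)):
        print(label, section_status(doc, "system.serviceModel/behaviors"))
```

Run against the deployed file after the encryption step, a result other than `encrypted` means the save did not take effect, whatever the log says.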

Answers