Decrypting web.config in differenct machine

Question

User1849788689 posted

Hi,

We have a problem regarding decrypting the web.config... We encrypted the web.config in computer A. but we need it to decrypt it in computer B.

we got an error

"Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error
ssage from the provider: Key not valid for use in specified state. (Exception
om HRESULT: 0x8009000B) (D:\WCFSearch\web.config line 17)

Key not valid for use in specified state. (Exception from HRESULT: 0x8009000B)
Failed!"

we also tried the RSAProtectedConfigurationProvider and we're not able decrypt also...

I search google and found this unfortunately we can't decrpyt it... How do i include the key? do i need to copy and paste it?

 

Regards

Answer 1

User1408790675 posted

before you encrypt your web.config, add a machineKey section in you config file. that should solve the problem. here's a sample entry:

<machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" />

Answer 2

User1849788689 posted

How to get the validationkey value and decryptionkey value?

decryption key can be found at "D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys"?

Am i right?? how about validation key?

Answer 3

User1408790675 posted

you can follow this link http://www.orcsweb.com/articles/aspnetmachinekey.aspx

Answer 4

User-345632295 posted

This error should not have anything to do w/ MachineKey settings in your web.config.

What you'll need to do is to

1) Export the RSA key on Computer A using this command

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -px "KeyName" "SomeFileName.xml" -pri (You have to replace the KeyName with the name of the RSA key)

This command will generate an XML file named SomeFileName.xml. 

2) Import the xml file containing the key on Computer B. 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pi "KeyName" "SomeFileName.xml" -exp

3) Grant the ASPNET user permission to the key

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pa "KeyName" "servername\username"

Answer 5

User1849788689 posted

Hi,

This is how i encrypt my web.config

C:\Program Files\Microsoft Visual Studio 9.0\VC>aspnet_regiis.exe -pef "appSetti
ngs" "D:\Documents and Settings\christian.c.gajo\Desktop\web" -prov "RSAprotecte
dConfigurationprovider"

Here are the step by step that i did.

Computer A

1. aspnet_regiis -pc "SampleKeys"–exp

Do I need to put this in my web.config? (I did not put this in my config)

<configProtectedData>
   <providers>
      <add name="SampleProvider" 
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
                 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
                 processorArchitecture=MSIL"
           keyContainerName="SampleKeys" 
           useMachineContainer="true" />
   </providers>
</configProtectedData>

2. aspnet_regiis.exe -px "SampleKeys" "SampleKeys.xml" -pri

Computer B.

3. Do I need to execute this line again to create a container for Com B.? (in my side i execute this again)

                 aspnet_regiis -pc "SampleKeys"–exp

4. aspnet_regiis.exe -pi "SampleKeys" "SampleKeys.xml" -exp

5. aspnet_regiis.exe -pa "SampleKeys" "servername\username

results i could not decrypt my web.config in Computer B

Answer 6

User-345632295 posted

1) Yes.  You'll have to add that to your web.config.

3) You do NOT need to create the key again on COM B.  The whole idea is to keep the key the same between the computers.  which is why you want to export the key from machine A and install it on machine B.

Answer 7

User-1081600188 posted

That worked for me, thanks Bruce L!!