Decrypting web.config in different machine

  • Question

  • User1849788689 posted

    Hi,

    We have a problem regarding decrypting the web.config... We encrypted the web.config on computer A, but we need to decrypt it on computer B.

    We got an error:

    "Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error
    message from the provider: Key not valid for use in specified state. (Exception
    from HRESULT: 0x8009000B) (D:\WCFSearch\web.config line 17)

    Key not valid for use in specified state. (Exception from HRESULT: 0x8009000B)
    Failed!"

    We also tried the RSAProtectedConfigurationProvider and we're not able to decrypt either...

    I searched Google and found this; unfortunately we can't decrypt it... How do I include the key? Do I need to copy and paste it?

     

    Regards

    Monday, March 15, 2010 4:03 AM

All replies

  • User1408790675 posted

    Before you encrypt your web.config, add a machineKey section in your config file. That should solve the problem. Here's a sample entry:

    <machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" />
    



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 15, 2010 4:15 AM
  • User1849788689 posted

    How do I get the validationKey value and decryptionKey value?

    Can the decryption key be found at "D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys"?

    Am I right? How about the validation key?

    Monday, March 15, 2010 4:39 AM
  • User1408790675 posted

    you can follow this link http://www.orcsweb.com/articles/aspnetmachinekey.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 15, 2010 2:25 PM
  • User-345632295 posted

    This error should not have anything to do w/ MachineKey settings in your web.config.

    What you'll need to do is to

    1) Export the RSA key on Computer A using this command

    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -px "KeyName" "SomeFileName.xml" -pri

    (You have to replace the KeyName with the name of the RSA key)

    This command will generate an XML file named SomeFileName.xml. 

    2) Import the xml file containing the key on Computer B. 

    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pi "KeyName" "SomeFileName.xml" -exp

    3) Grant the ASPNET user permission to the key

    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pa "KeyName" "servername\username"

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 15, 2010 3:50 PM
  • User1849788689 posted

    Hi,

    This is how I encrypt my web.config:

    C:\Program Files\Microsoft Visual Studio 9.0\VC>aspnet_regiis.exe -pef "appSettings" "D:\Documents and Settings\christian.c.gajo\Desktop\web" -prov "RSAprotectedConfigurationprovider"

    Here is the step by step that I did.

    Computer A

    1. aspnet_regiis -pc "SampleKeys" -exp

    Do I need to put this in my web.config? (I did not put this in my config)
    <configProtectedData>
       <providers>
          <add name="SampleProvider" 
               type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
                     Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
                     processorArchitecture=MSIL"
               keyContainerName="SampleKeys" 
               useMachineContainer="true" />
       </providers>
    </configProtectedData>
     
    2. aspnet_regiis.exe -px "SampleKeys" "SampleKeys.xml" -pri
     
    Computer B.
    3. Do I need to execute this line again to create a container for Com B? (On my side I executed this again.)
                     aspnet_regiis -pc "SampleKeys" -exp
     
    4. aspnet_regiis.exe -pi "SampleKeys" "SampleKeys.xml" -exp
    5. aspnet_regiis.exe -pa "SampleKeys" "servername\username"
     
    Result: I could not decrypt my web.config on Computer B.
    Tuesday, March 16, 2010 1:44 AM
  • User-345632295 posted

    1) Yes.  You'll have to add that to your web.config.

    3) You do NOT need to create the key again on COM B.  The whole idea is to keep the key the same between the computers, which is why you want to export the key from machine A and install it on machine B.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 16, 2010 4:07 PM
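
The export/import procedure from the answers above, end to end, as an added PowerShell example that is not part of any post in this thread. The function names, `$KeyFile` location and `$Site` folder are assumptions; unlike the thread's step 2, the import leaves off `-exp` so the key cannot be exported again from Computer B, and the exported key file is deleted after import because `-pri` writes the private key to it in plaintext.

```powershell
# Added example, not from the thread. Paths, account and function names are assumptions.
$Regiis  = "$env:WINDIR\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"
$Key     = 'SampleKeys'              # key container name used in the thread
$Prov    = 'SampleProvider'          # provider declared in <configProtectedData>
$Site    = 'D:\WCFSearch'            # folder holding web.config (from the error text)
$KeyFile = 'C:\Temp\SampleKeys.xml'  # assumed location of the exported key file
$Account = 'servername\username'     # placeholder identity, as written in the thread

function Invoke-Regiis([string[]]$RegiisArgs) {
    # Run aspnet_regiis and stop the script on the first failing step.
    & $Regiis $RegiisArgs
    if ($LASTEXITCODE -ne 0) {
        throw "aspnet_regiis $($RegiisArgs -join ' ') exited with $LASTEXITCODE"
    }
}

function Protect-OnComputerA {
    # 1. Create the container as exportable; -exp is needed for the later -px -pri.
    Invoke-Regiis @('-pc', $Key, '-exp')
    # 2. Encrypt with the custom provider so the section is bound to SampleKeys.
    #    The built-in providers use machine-local keys, which Computer B lacks.
    Invoke-Regiis @('-pef', 'appSettings', $Site, '-prov', $Prov)
    # 3. Export public and private parts (-pri). The file now holds the private key.
    Invoke-Regiis @('-px', $Key, $KeyFile, '-pri')
}

function Install-OnComputerB {
    # No -pc here: the container is created by the import itself.
    # -exp is left off so the key cannot be exported again from Computer B.
    Invoke-Regiis @('-pi', $Key, $KeyFile)
    # Let the application identity read the container.
    Invoke-Regiis @('-pa', $Key, $Account)
    # The plaintext key file is no longer needed once imported.
    Remove-Item -LiteralPath $KeyFile -Force
}

# Usage: run Protect-OnComputerA on A, copy $KeyFile and the encrypted
# web.config to B over a protected channel, then run Install-OnComputerB on B.
```

The web.config must already contain the `<configProtectedData>` block naming `SampleProvider` before step 2 runs, and the same file is what gets deployed to Computer B.
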
  • User-1081600188 posted

    That worked for me, thanks Bruce L!!

    Wednesday, May 22, 2013 5:41 PM