locked
Encrypt config file issue: results in web.config.config file created only with newly encrypted sections rather replacing the sections in orginal web.config RRS feed

  • Question

  • I have two questions related to this topic.

    I wrote a small application to encrypt and decrypt configuration files.  I used the .Net 2.0 configuration library to do so (see code below).  

    I expected the result of saving the config file to overwrite the current config file.  I allowed for the user to pick a config file using the OpenFileDialog control, so it is not the root config file that I am encrypting.  The app uses the RSA provider.  I experienced that it creates another config file (web.config.config) with only the updated (encrypted) sections and it leaves the original config file in tact.  It placed the new file in the same directory.  I was expecting the call to config.Save() to overwrite the original configuration file with the encrypted sections replacing the original sections (appSettings or connectionStrings sections).  I also tried to use the SaveAs(fileLocation) method and found that it overwrote the original file but it only had the new configuration sections and dropped the other sections such as serviceModel, system.web, ect...

    Secondly, I thought that I would be able to decrypt the encrypted sections of the configuration file using the code below.  I found that the decryption wasn't able to convert the encrypted section when I pointed the config location at the web.config.config file produced by the encrypting code.

    I am passing in a config file location (configFileName) and a configuration section string (configSectionName) to the following method.

    public const string ENCRYPTIONPROVIDER = "RSAProtectedConfigurationProvider";

    protected void EncryptSection(string configFileName, string configSectionName)
            {
                if (!File.Exists(configFileName))
                {
                    throw new ArgumentException(string.Format("{0} does not exist.", configFileName));
                }
                //Configuration config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(configFileName);
                Configuration config = ConfigurationManager.OpenExeConfiguration(configFileName);
                ConfigurationSection configSection = config.GetSection(configSectionName);            
                if (configSection == null)
                {
                    throw new ArgumentException(string.Format("{0} does not exist in {1}.", configSectionName, configFileName));
                }
                if (configSection.IsReadOnly())
                {
                    throw new ArgumentException(string.Format("{0} is Read-Only in {1}.", configSectionName, configFileName));
                }
                if (configSection.SectionInformation.IsProtected)
                {
                    throw new ArgumentException(string.Format("{0} is already encrypted in {1}.", configSectionName, configFileName));
                }
                configSection.SectionInformation.ProtectSection(ENCRYPTIONPROVIDER);

                configSection.SectionInformation.ForceSave = true;
                config.Save(ConfigurationSaveMode.Minimal, true);
            }

    thanks in advance,

    Rob
    Tuesday, September 29, 2009 2:49 PM