Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer.

Jan 9, 2013

How to encrypt a custom configuration section in ASP.NET

Recently I wrote a piece of software that needed some configurable secrets — and they needed to be VERY secret. Consequently, I had to encrypt a custom configuration section. Unfortunately, I quickly ran into trouble and got an error message along the lines of:

Encrypting configuration section...
An error occurred creating the configuration section handler for myConfigSection: Could not load file or assembly 'MyAssembly, Version=2.0.0.0, Culture=neutral' or one of its dependencies. The system cannot find the file specified.
...
Failed!

Disheartening, eh? I looked to the Internet and the advice seemed to be to copy the "missing" assembly to the .NET framework folder. I strongly suggest you don't do that, messing around in the framework's folder is not recommended. That folder belongs to Microsoft.

Fortunately I found a much easier workaround. I'll give an example where I encrypt the configuration section for the NWebsec security library, in the DemoSiteWebForms project that's part of the project's solution.


The screenshot shows the error you get when trying to encrypt the nwebsec/httpHeaderSecurityModule section.

The dreaded configuration section encryption error.

Now for the workaround. The configuration section is declared at the very top of the config file. Simply comment out the section declaration and you're good to go.

<configSections>
  <sectionGroup name="nwebsec">
    <!-- For information on how to configure NWebsec please visit: http://nwebsec.codeplex.com/wikipage?title=Configuration -->
    <!-- section name="httpHeaderSecurityModule" type="NWebsec.Modules.Configuration.HttpHeaderSecurityConfigurationSection, NWebsec, Version=2.0.0.0, Culture=neutral"/ -->
  </sectionGroup>
</configSections>


Success! Remember to uncomment the section declaration afterwards and your web.config should be all set.

You'll also need to comment out the configuration section declaration if you want to decrypt the configuration section.

You can have a look at Encrypting Configuration Information Using Protected Configuration to learn more about how configuration encryption works. It's well documented, except for this quirk.
Posted by André N. Klingsheim at 23:07
Labels: , , ,

4 comments:

  1. Very clever and Ninjalike

    ReplyDelete

  2. Great finding. I followed your method and received a successful message from the encryption process but nothing has changed to my custom config content at all. Any suggestion would be much appreciated.

    ReplyDelete
    Replies

    1. Did you re-open the file after the configuration section was encrypted? There should be changes to the file when it reports success.

      Delete

  3. thank you Very much for your Solution.

    ReplyDelete

Subscribe to: Post Comments (Atom)

Read other popular posts