Failed to encrypt the section 'connectionStrin

2020-05-29 21:53发布

问题:

Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedCo nfigurationProvider'. Error message from the provider: Object already exists.

I followed the guide in http://msdn.microsoft.com/en-us/library/2w117ede.aspx but in step 3 in To grant the ASP.NET identity access to the RSA key container, it says that my identity is my workgroup\username, I do not have impersonation in my web.config file though

I am encrypting web.config using my machine using asp_regiis, then using visual studio to debug then it came with this error

回答1:

For using RsaProtectedConfigurationProvider you need to launch your Command prompt or Visual Studio as an Administrator.

For DataProtectionConfigurationProvider it is not required to run under Admin rights.



回答2:

You can create your own provider using RsaProtectedConfigurationProvider to encrypt your web.xml without administrator privileges.

  1. Create a key store:

    aspnet_regiis -pc "MyKeyStore" -exp

  2. Grant read access for any user:

    aspnet_regiis -pa "MyKeyStore" "Domain/User"

  3. Put a provider section in your web.config

    <configProtectedData>
    <providers>
        <add name="MyRSAProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"keyContainerName="MyKeyStore"useMachineContainer="true" />
    </providers>
    </configProtectedData>
    
  4. Encrypt your config sections:

    aspnet_regiis -pef "configSection" "c:\pathToWebConf" -prov "MyRSAProvider"

Sources:

Create RSA key container and provider

Encrypt configuration



回答3:

This happened on one of my servers whole trying to move web apps from the c drive to another drive.

Because I had encrypted the web.config section on drive C and moved it to another drive, it jammed up the provider causing it to fail to encrypt the section because it believes it already exists.

I'm still trying to fix it.