I want to encrypt the connection strings in a web.config file in a shared hosting environment.
I have read most of the articles on MSDN on the subject (http://msdn.microsoft.com/en-us/library/53tyfkaw.aspx) and concluded that I need to use RSAProtectedConfigurationProvider so that I can export the config file with key container to our shared hosting provider. However, when I do this I get an error "The RSA key container could not be opened." I assume this is because I need to grant access to the aspnet account to the key container, but this is done using the aspnet_regiis tool which I can't use as I'm on a shared host.
So I tried programmatically encrypting it on application start in the global.asax, but I get a permission error when saving the file - "An error occurred loading a configuration file: Access to the path 'C:\Inetpub\xxx\yyy\3acp98k.tmp' is denied." Shared hosting restriction, I assume.
I can't run the aspnet_regiis tool as it's a shared hosting environment.
Does anyone have any ideas as to how I might encrypt the connection strings?
You just need to make web.config writable. Shared hosts either give full access to the IIS user or give you some web-based tool, in your file manager maybe, to edit permissions. You don't need to run aspnet_regiis.
I see nothing has been marked as an answer so I will assume that you didn't get a solution to this.
Just an idea - but if the only problem is that your application doesn't have write access to your config file (hint: your FTP account has write permissions!) - just write an ASPX page that reads the connection string settings, and displays the encrypted XML (you might want to put it in a password-protected location).
Then all you have to do is:
- create an unencrypted web.config
- upload it
- visit your 'display encrypted connectionstrings webpage'
- copy and paste the encrypted data in to your local web.config
- upload the web.config again with the new encrypted settings!
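The "display encrypted connection strings" page from the steps above, written as a generic handler (added example, not code from the original answer). The handler name is hypothetical, and it assumes the site runs with enough trust to use the host's `RsaProtectedConfigurationProvider`, that `<configuration>` in web.config carries no XML namespace, and that the folder it sits in already requires authentication.

```csharp
// Added example: back a generic handler (.ashx) with this class.
// It only reads web.config, so no write permission is needed on the host.
using System.Configuration;
using System.Web;
using System.Xml;

public class ShowEncryptedConnectionStrings : IHttpHandler
{
    // Assumption: this provider is registered and usable on the shared host.
    private const string ProviderName = "RsaProtectedConfigurationProvider";

    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // Never show configuration data to anonymous callers.
        if (!context.Request.IsAuthenticated)
        {
            context.Response.StatusCode = 403;
            return;
        }

        // Load the uploaded web.config and pick out the section.
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;
        doc.Load(context.Server.MapPath("~/web.config"));
        XmlNode section = doc.SelectSingleNode("/configuration/connectionStrings");
        ProtectedConfigurationProvider provider =
            ProtectedConfiguration.Providers[ProviderName];

        context.Response.ContentType = "text/plain";
        if (section == null || provider == null ||
            section.Attributes["configProtectionProvider"] != null)
        {
            // Missing section, missing provider, or section already encrypted.
            context.Response.Write("Nothing to encrypt.");
            return;
        }

        // Encrypt with the host's key, so the host can decrypt it later.
        XmlNode encrypted = provider.Encrypt(section);

        // Same wrapper element ASP.NET writes for a protected section.
        context.Response.Write(string.Format(
            "<connectionStrings configProtectionProvider=\"{0}\">{1}</connectionStrings>",
            ProviderName, encrypted.OuterXml));
    }
}
```

Paste the output over the plain `<connectionStrings>` element in the local web.config, upload it, and then delete the handler from the site.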
An encryption key must be generated and saved in a folder of the application. That key is used by the web site to encrypt and decrypt the config file or config section every time it is read. The default provider is RSACryptoServiceProvider. If the config file is uploaded encrypted, but no encryption key is provided, it just cannot decrypt it by itself. The key is used every time the config section is decrypted and encrypted.
The aspnet_regiis tool is used to encrypt and decrypt with the -pef and -pdf options. The same tool is used to create the encryption keys with the -pc option, which creates a key pair at machine level.