Why does encrypting the Web.config file work without providing the keyContainerName name?

So, using the aspnet_regiis.exe utility, I did the following:

    rem Create the container
    aspnet_regiis -pc MyRSAKey -exp
    rem Write the key to a file
    aspnet_regiis -px MyRSAKey MyRSAKey.xml
    rem Install the key into a machine-level RSA key provider.
    aspnet_regiis -pi MyRSAKey MyRSAKey.xml
    rem Grant access to the container
    aspnet_regiis -pa "MyRSAKey" "NT Authority\Network service"

Now I thought that to use this key I need to add this to the web.config file:

    <configProtectedData defaultProvider="MyProviderName">
      <providers>
        <add name="MyProviderName"
             type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
             keyContainerName="MyRSAKey"
             useMachineContainer="true" />
      </providers>
    </configProtectedData>

Now when I run this command, it works:

    aspnet_regiis -pef "sectionName" "pathToConfigFile" -prov "MyProviderName"

The fact is that it works no matter what value I have for keyContainerName. Or even when I completely remove keyContainerName from the configuration file, it still works, suggesting that it does not actually use the key that I generated and installed.

Also, Visual Studio 2010 does not even recognize keyContainerName (or useMachineContainer), saying that the name "keyContainerName" is not allowed.

What's going on here?

+4
1 answer

To address the two issues out of order:

Visual Studio 2010 does not even recognize keyContainerName (or useMachineContainer), indicating that the name 'keyContainerName' is not valid.

What's going on here?

I did not decompile the corresponding configuration section class to check, but I noticed that RsaProtectedConfigurationProvider has keyContainerName and useMachineContainer, so it seems that a) when analyzing the providers/add element, it uses reflection to set the appropriate fields in the type instance; and b) whoever wrote the XML schema that VS2010 uses to validate .config files forgot the <xsd:anyAttribute>.

(FWIW this question is what I was hoping to answer when I discovered your question, which is ranked highly by Google for "keycontainername attribute is not allowed".)


The fact is that it works no matter what value I have for keyContainerName. Or even when I completely remove keyContainerName from the configuration file, it still works, suggesting that it does not actually use the key that I generated and installed.

When you say "it works," I think you mean that aspnet_regiis -pef does not give an error. However, if you try to access the secured configuration section in your code, I bet that it will complain if you did not use the correct keyContainerName.

I suspect that if the name does not match the known key container, it creates a new one, but I did not try to check it.

0
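
An added example, not part of the original question or answer: a PowerShell check that lists each RSA provider in a config file and tests whether its key container exists and is readable by the current account, without creating one. It assumes the config root has no xmlns and that a provider with no keyContainerName uses the .NET Framework default container NetFrameworkConfigurationKey; the function names and the sample XML are constructed for illustration.

```powershell
# Added example (not from the original post). Run as the account that must decrypt the section.
function Test-RsaKeyContainer {
    param([Parameter(Mandatory)][string]$Name, [bool]$Machine = $true)
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $Name
    # UseExistingKey: fail instead of silently creating a fresh container.
    $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
    if ($Machine) { $csp.Flags = $csp.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore }
    try {
        $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider($csp)
        $null = $rsa.KeySize          # force the key pair to be loaded
        $rsa.PersistKeyInCsp = $true  # never delete the container on cleanup
        $rsa.Clear()
        return $true
    } catch {
        # A missing container or a missing read permission both surface as CryptographicException.
        if ($_.Exception.GetBaseException() -is [System.Security.Cryptography.CryptographicException]) { return $false }
        throw
    }
}

function Get-RsaProviderStatus {
    param([Parameter(Mandatory)][xml]$Config)
    foreach ($p in $Config.SelectNodes('/configuration/configProtectedData/providers/add')) {
        if ($p.GetAttribute('type') -notmatch 'RsaProtectedConfigurationProvider') { continue }
        $name = $p.GetAttribute('keyContainerName')
        $explicit = [bool]$name
        # Assumption from the lead-in: no attribute means the framework default container.
        if (-not $explicit) { $name = 'NetFrameworkConfigurationKey' }
        $machine = $p.GetAttribute('useMachineContainer') -ne 'false'
        [pscustomobject]@{
            Provider        = $p.GetAttribute('name')
            KeyContainer    = $name
            NameIsExplicit  = $explicit
            MachineStore    = $machine
            ContainerUsable = Test-RsaKeyContainer -Name $name -Machine $machine
        }
    }
}

# Constructed sample mirroring the provider entry from the question.
$sample = @'
<configuration><configProtectedData defaultProvider="MyProviderName"><providers>
  <add name="MyProviderName" type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration"
       keyContainerName="MyRSAKey" useMachineContainer="true" />
</providers></configProtectedData></configuration>
'@
Get-RsaProviderStatus -Config $sample
```

A row with ContainerUsable False means the named container is absent or the current account was not granted access with aspnet_regiis -pa.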

Source: https://habr.com/ru/post/1338876/

