So I have tried to build two methods that encrypt and decrypt my connection string.

The issue is that I get a pretty nasty exception that I really can't figure out how to solve.

My two methods and my calls look like this:

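    using System.Configuration;
    using System.Web.Configuration;

    // Encrypts the named section of the application's web.config with the given provider.
    private void ProtectSection(string sectionName, string provider)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~/");
        ConfigurationSection section = config.GetSection(sectionName);

        // Only protect a section that exists and is not already encrypted.
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(provider);
            config.Save();
        }
    }

    // Decrypts the named section of the application's web.config in place.
    private void UnProtectSection(string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~/");
        ConfigurationSection section = config.GetSection(sectionName);

        // Only unprotect a section that exists and is currently encrypted.
        if (section != null && section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }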

And these are my calls:

    UnProtectSection("connectionStrings");
    ProtectSection("connectionStrings", "RsaProtectedConfigurationProvider");

UPDATE

Here are the errors that I get:

    <ExceptionMessage>Object already exists.</ExceptionMessage>

    <StackTrace>
    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
    at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)
    at System.Configuration.RsaProtectedConfigurationProvider.GetCryptoServiceProvider(Boolean exportable, Boolean keyMustExist)
    at System.Configuration.RsaProtectedConfigurationProvider.Encrypt(XmlNode node)
    at System.Configuration.ProtectedConfigurationSection.EncryptSection(String clearXml, ProtectedConfigurationProvider provider)
    at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.EncryptSection(String clearTextXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfigSection)
    at System.Configuration.Internal.DelegatingConfigHost.EncryptSection(String clearTextXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfigSection)
    at System.Configuration.Internal.DelegatingConfigHost.EncryptSection(String clearTextXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfigSection)
    at System.Configuration.MgmtConfigurationRecord.GetConfigDefinitionUpdates(Boolean requireUpdates, ConfigurationSaveMode saveMode, Boolean forceSaveAll, ConfigDefinitionUpdates& definitionUpdates, ArrayList& configSourceUpdates)
    </StackTrace>

Jeppe Christensen

1 Answer

I recommend against rolling your own encryption on the connection strings. Instead you should do it the "Microsoft Way" as described here: https://msdn.microsoft.com/en-us/library/dx0f3cf2(v=vs.85).aspx

From a high level, you run aspnet_regiis.exe with a reference to the part of the web.config you want to encrypt.

Jonathan
  • I have seen that, and to be honest, I really don't understand how it should be done? I mean, I need to run the .exe manually, but obviously this encryption should be effective after the get method has fired. – Jeppe Christensen Oct 17 '16 at 23:03
  • In the sense that it needs to encrypt and decrypt automatically once on my web hotel when my get method needs to access the DB. – Jeppe Christensen Oct 17 '16 at 23:17
  • If you encrypt in this way, the settings are available as though they were not encrypted (you can reference by name) at run time. – Jonathan Oct 17 '16 at 23:26
  • Thanks for your answer, but I'm not sure that you are correct. It tells me that "The RSA key container could not be opened." – Jeppe Christensen Oct 18 '16 at 00:21
  • That is after I encrypted it and left the code as if I were trying to access a normal connection string that hasn't been encrypted. – Jeppe Christensen Oct 18 '16 at 00:28
  • @JeppeChristensen, the correct way to encrypt a connection string in ASP.NET has been answered multiple times. See http://stackoverflow.com/questions/11637348/encrypt-connection-string-in-app-config for example. The framework will automatically handle the decryption for you when you access the value in code, so no need to write any additional code. – Adrian Sanguineti Oct 18 '16 at 02:52
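
Both exceptions quoted in this thread are raised while the RSA key container is being opened (the stack trace fails inside the `RSACryptoServiceProvider` constructor). The following is an added example, not code from the question or the answers: it performs that one step in isolation under the identity the application runs as, then reads a connection string with no decryption code. It assumes .NET Framework on Windows and the default machine-level container name `NetFrameworkConfigurationKey`; the class and method names are hypothetical.

```csharp
// Added example, not from the original thread. Targets .NET Framework on Windows.
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Security.Principal;

public static class ProtectedConfigCheck
{
    // Assumption: the default container configured for RsaProtectedConfigurationProvider.
    private const string DefaultContainer = "NetFrameworkConfigurationKey";

    // Returns null when the current identity can open the machine-level RSA
    // container, otherwise a message naming the identity and the failure.
    public static string ProbeKeyContainer(string containerName = DefaultContainer)
    {
        var csp = new CspParameters
        {
            KeyContainerName = containerName,
            // UseExistingKey: never create a container as a side effect of probing.
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        try
        {
            // A named container is persisted by default, so Dispose does not delete it.
            using (new RSACryptoServiceProvider(csp))
            {
                return null;
            }
        }
        catch (CryptographicException ex)
        {
            return WindowsIdentity.GetCurrent().Name + " cannot open key container '"
                + containerName + "': " + ex.Message;
        }
    }

    // Reads a connection string by name. When the connectionStrings section is
    // protected, the framework decrypts it on access; no decrypt call is needed here.
    public static string ReadConnectionString(string name)
    {
        string problem = ProbeKeyContainer();
        if (problem != null)
            throw new ConfigurationErrorsException(problem);

        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException("No connection string named '" + name + "'.");
        return settings.ConnectionString;
    }
}
```

If the probe fails for the application pool account, the usual remedy is to grant that account read access to the container with `aspnet_regiis -pa "NetFrameworkConfigurationKey" "<account>"`, run from an elevated prompt.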