2

I've done the following in the Web.config

    <configuration>
  <configSections> 
    <section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral  PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" allowLocation="true" />
    <sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
      <section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
      <section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
    </sectionGroup>
  </configSections>
  ... etc

And then in the Views/Web.config I've tried to use it like this

    <secureAppSettings>
    <!--Captcha keys-->
    <add key="RecaptchaPrivateKey" value="somevalue" />
    <add key="RecaptchaPublicKey" value="someothervalue" />

  </secureAppSettings>

however every time try to open the site I get the following error:

Config Error The configuration section 'secureAppSettings' cannot be read because it is missing a section declaration

and I don't understand what I'm supposed to do. I'm currently trying to use it in the view like this:

@((NameValueCollection)WebConfigurationManager.GetSection("secureAppSettings"))["RecaptchaPublicKey"]

Edit:

I've tried as one of the comments suggest to move the configSections to the View/web.config

the result is the following Error message

Parser Error Message: An error occurred while creating the handler for the secureAppSettings configuration section: The specified assembly name or specified codebase was invalid. (Exception from HRESULT: 0x80131047)

I took that as a sign that I was doing it wrong but I see now that maybe I need to fix something here instead of doing it the other way I was doing.

however the message for me is as cryptic as before..

Clarification of what I'm trying to archive.

I've got some sensitive information in my Web.config that I would like to encrypt. I read that I could make a secureAppSettings section and then encrypt it from there. the reason I want to separate the information out of the appSettings section is because I've got plenty of other information in it that I really do not need encrypted. eventually all of this should lead to that I'm able to make a MSI website installer where, during the installation, I can change or add settings to the appSettings and the secureAppSettings sections before encrypting the secureAppSettings. for easy setup and installation of the site I'm building.

Now I'm not sure if the way my solution is currently, is going to work, but if not, then I'd like to be pointed in the right direction, to solve my ultimate goal, of being able to make a MSI installer, where I can change the configuration file, during the installation and encrypt any sensitive information.

Helbo
  • 473
  • 10
  • 32
  • Do you use web.config transforms? – Ionut Ungureanu Jul 25 '18 at 10:21
  • @IonutUngureanu what is that ? And I guess the answer would be no considering I don't know what it is. – Helbo Jul 25 '18 at 10:36
  • Web config transform are use to manage different versions of your web.config (like, for example, for development/test/production environment). I was asking because your web.config transformation might impact the custom section registration. See here: https://learn.microsoft.com/en-us/aspnet/web-forms/overview/deployment/visual-studio-web-deployment/web-config-transformations – Ionut Ungureanu Jul 25 '18 at 11:06
  • You have to register the `secureAppSettings` section in `` of `Views/Web.config` – haim770 Jul 25 '18 at 11:27
  • @IonutUngureanu Thanks for showing that to me it was very informative. I however am not using web deploy but are building a msi for installing the site. the idea is that at install time I can determine the various parameters in my web.config and that I can use a section encryption on the secureAppSettings. which is why I included it because I do not want to encrypt the entire AppSettings as that would be way overkill. – Helbo Jul 25 '18 at 11:41
  • @haim770 I did that in the beginning but it just complained that I could not have two configSections. I think it is because the main Web.config is referring to the one in the Views Folder. – Helbo Jul 25 '18 at 11:42
  • @Helbo This appears to be an [XY problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). A proper [mcve] of what you are trying to achieve should help clarify the actual problem – Nkosi Jul 31 '18 at 01:07
  • @Nkosi Thank you for your comment I've tried to clarify what I'm trying to archive I hope that it will solve the XY problem you are referring to. – Helbo Jul 31 '18 at 06:33
  • Not sure but [this](https://stackoverflow.com/questions/6224732/how-to-encrypt-one-entry-in-web-config) may help you – Ujwal Neupane Aug 01 '18 at 06:01
  • @UjwalNeupane Thank you for your response I've looked over your link and it just tells me that the way I'm trying to do it is possible but as I am following each of their recommended steps I still cannot make it work. – Helbo Aug 01 '18 at 07:56
  • Any reason to store this custom section in `views\web.config` instead of the root `web.config`? In theory this should be possible, but I only get this working when using the root `web.config`. – pfx Aug 02 '18 at 20:58
  • @pfx well I have been trying a few combinations since the post and using the root config only is one of them I get the same problem I cannot access the values – Helbo Aug 03 '18 at 08:34

1 Answers1

2

In reply to my comment you mentioned you also tried a setup using the root web.config file, instead of the one in the Views folder.

In theory it must be possible to use the Views\web.config file.
With ASP.NET MVC I only have success using the root web.config.
This looks like here below.

Notice that I use a less explicit section definition.

Web.config

<configuration>
    <configSections>
        <section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler" />
    </configSections>

    <!-- Other configuration elements -->

    <secureAppSettings>
        <!--Captcha keys-->
        <add key="RecaptchaPrivateKey" value="somevalue" />
        <add key="RecaptchaPublicKey" value="someothervalue" />
    </secureAppSettings>
</configuration>

In my view

 <span>@(((NameValueCollection)WebConfigurationManager.GetSection("secureAppSettings"))["RecaptchaPublicKey"])</span>
pfx
  • 20,323
  • 43
  • 37
  • 57
  • I do not understand why does this work when what I did essentially was the same ? Oh well Thanks for your reply :) you have made it work now. – Helbo Aug 03 '18 at 09:16
  • I just learned the hard way to keep the section definitions as simple as possible, without eg Version, Culture, PublicKeyToken. – pfx Aug 03 '18 at 09:36