Encrypted web.config method sharing

  • 2020-05-30 19:48:17
  • OfStack

1. Open notepad and copy the following code to a new file.


<%@ Page Language="C#" %>
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>

Save my.aspx to your web directory, run 1 and the form displays "NT AUTHORITY\NETWORK SERVICE". Success!

2. (key step 1) run cmd and execute the following

aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"

Note: register the default RsaProtectedConfigurationProvider RSA key container,
NetFrameworkConfigurationKey is the default provider for RsaProtectedConfigurationProvider. Success!

3. Now, you can encrypt web.config, run:

Encryption: aspnet_regiis-pe "connectionStrings" -app "/Myweb"
Note: "connectionStrings" is the section to be encrypted, and "/Myweb" is the web directory
Decryption: aspnet_regiis-pd "connectionStrings" -app "/Myweb"

Success!

4, so you can call in the program (no need to decrypt, ha ha

) :
...
string connstr= ConfigurationManager.ConnectionStrings["myConnstr"].ConnectionString.ToString();
...


Similarly, you can create your own RSA key container, as follows:

(1) create "MyKeys" key container and run: aspnet_regiis-pc "MyKeys" -exp
(2) add the following to web.config:


      <protectedData>
        <providers>
         <add name="MyProvider"
              type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0. 0.0,
                    Culture=neutral, PublicKeyToken=b03f5f7f11d0a3a,
                    processorArchitecture=MSIL"
              keyContainerName="MyKeys" 
              useMachineContainer="true" />
        </providers>
      </protectedData>
     

Save.

(3) grant the account access to the computer level "MyKeys" RSA key container, run:

aspnet_regiis -pa "MyKeys" "NT AUTHORITY\NETWORK SERVICE"

(4) now, you can encrypt web.config, run:

Encryption: aspnet_regiis-pe "connectionStrings" -app "/Myweb" -prov "MyProvider"

Note: "connectionStrings" is the section to be encrypted, "/Myweb" is the web directory, "MyProvider" is its own key container

Decryption: aspnet_regiis-pd "connectionStrings" -app "/Myweb" -prov "MyProvider"


Related articles: