.NET Tutorials, Forums, Interview Questions And Answers

Cracking asp.net encryption -> web.config

Posted Date: September 25, 2010    Points: 0    Category: ASP.Net

Um...how does one go from cracking some encryption to downloading a web.config?  Surely IIS just plain won't serve up a web.config file?

(I'm not after a step by step - but it seems completely random to go from getting some knowledge about a cipher to downloading my web.config)

More Related Resource Links

Problem with web.config encryption



I'm trying to encrypt the <connectionStrings> in my web.config site using this code:

protected void btnProtect_OnClick(object sender, EventArgs e)
        ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");


    private void ProtectSection(string sectionName, string provider)
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

        ConfigurationSection section =

        if (section != null &&

I'm getting this error message:

Failed to map the path '/'.

on this line:

Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

encryption and decryption is web.config


Hi there,

I walk through this article about encryption and decryption http://msdn.microsoft.com/en-us/library/2w117ede.aspx

but if I move my encrypted application to another server I can decrypt it easily using the following command:

aspnet_regiis -pd "connectionStrings" -app "/myapplication"

So anyone who knows this command can decrypt it easily. So what is the use of the RSA key in this case?

How can I prevent anyone from decrypting my web.config?

Thanks for your help

Clean Web.Config Files (VS 2010 and .NET 4.0 Series)

.NET 4 includes a new version of the CLR, and a new .NET 4 specific machine.config file (which is installed side-by-side with the one used by .NET 2, .NET 3 and .NET 3.5).

The new .NET 4 machine.config file now automatically registers all of the ASP.NET tag sections, handlers and modules that we've added over the years, including the functionality for:

- ASP.NET Dynamic Data
- ASP.NET Routing (which can now be used for both ASP.NET WebForms and ASP.NET MVC)
- ASP.NET Chart Control (which now ships built-into ASP.NET V4)

What this means is that when you create a new "Empty ASP.NET application" project in VS 2010, you'll find that the new default application-level web.config file is now clean and simple:

View State Encryption


Hi All,

Why is it that I see the same hash value generated when I use different algorithms for viewstate encryption? I have added the lines below to the web.config file:

<pages viewstateEncryptionMode="Always"

reading values from config files in NUnit tests


One of my NUnit tests has to read in some values from config files.  In my main application this process works perfectly well, however when I run the unit test, the code that reads in the values from the config files doesn't read anything in.  I've tried putting app.config in my unit test project (I even tried web.config) but nothing seems to work.  Are there any special steps involved when reading from config files in an NUnit test?

NUnit and config files


I've created an NUnit test project in my solution and have added 3 tests.  They all fail with the same error:

SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.
  ----> System.NullReferenceException : Object reference not set to an instance of an object.


Here's the test method:

        public void CreateDataContext_ConnectionString_ReturnsDataCon

Modifying connection String in Web config using Install Wizard



I'm trying to create a Web Deployment Project. The built-in setup and deployment is very good in Visual Studio, but I need to be able to add an additional step in the setup to change the connection string in the Web config file. I've seen a lot of articles on how to do this, and in particular this: http://weblogs.asp.net/scottgu/archive/2007/06/15/tip-trick-creating-packaged-asp-net-setup-programs-with-vs-2005.aspx#7162670 I am however stuck on the final part of this tutorial. I'm using the code Scott provided but have two errors. Here's part of my code where the errors are:

using System;
using System.Configuration;
using System.Configuration.Install;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.DirectoryServices;

 void ConfigureDatabase(string targetSite, string targetVDir, string connectionString)
            // Retrieve "Friendly Site Name" from IIS for TargetSite
            DirectoryEntry entry = new DirectoryEntry("IIS://LocalHost/" + targetSit

Web deployment project - web.config section replacement does not add remove tag


I have a web application that is actually installed as a component of a third party site.  In some configurations, I need to remove certain connection strings and re-add them.  I'm replacing this web.config section with an XML file that includes the following:

      <remove name="MyOverridenConnection"/>
      <add connectionString="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MyDb;Data Source=MyServer" name="MyOverridenConnection"

For some reason the remove tag is left out during the substitution and I end up with the following in the installed config:

      <add connectionString="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MyDb;Data Source=MyServer" name="MyOverridenConnection"

Is there any way to issue removes in replaced sec

Cryptography: Employ Strong Encryption in Your Apps with Our CryptoUtility Component


When storing sensitive data, you need to be able to identify threats, determine how these threats interact with each other, and how issues can combine to constitute a vulnerability that will leave your data exposed. With a good understanding of the various cryptographic algorithms, salt, hashes, ACLs, and other available techniques, you'll be in a better position to protect your critical data.

Michael Stuart and J Sawyer

MSDN Magazine November 2004

Trustworthy Code: Exchange Data More Securely with XML Signatures and Encryption


You can sign any kind of data using XML Signature, including part of an XML document, other XML documents, or other data of any format. However, in practice, XML signatures are most frequently used to sign other data represented in XML. In this article, the authors discuss the new standard and how you can benefit from it in your apps.

Mike Downen and Shawn Farkas

MSDN Magazine November 2004

The ASP Column: What's in ASP.NET Config Files?


Even though you've been using ASP.NET for a while, how much do you really know about ASP.NET configuration files? While you've probably touched the Web.config file from time to time, there are some nuances involved in configuring ASP.

George Shepherd

MSDN Magazine September 2004

Encrypt It: Keep Your Data Secure with the New Advanced Encryption Standard


The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for the encryption of electronic data. It is expected to become the accepted means of encrypting digital information, including financial, telecommunications, and government data. This article presents an overview of AES and explains the algorithms it uses. Included is a complete C# implementation and examples of encrypting .NET data. After reading this article you will be able to encrypt data using AES, test AES-based software, and use AES encryption in your systems.

James McCaffrey

MSDN Magazine November 2003

.NET Remoting: Secure Your .NET Remoting Traffic by Writing an Asymmetric Encryption Channel Sink


As .NET Remoting gains popularity in the enterprise space, it must meet business demands for trustworthy computing. Remoting traffic can be secured when objects are hosted in IIS, but when they aren't hosted in IIS, custom security solutions can be developed to secure them. This article provides an in-depth look at writing channel sinks for .NET. It also details the flow of data through custom channel sinks and explains the kinds of manipulations that can be performed on that data.

Stephen Toub

MSDN Magazine June 2003

Razor View Engine and Add Namespace in Web.Config Problem



I am working on a MVC project with Razor view engine and I have the following:


This only works if I have on the same view the following:

  @using SquishIt.Framework;

However, on my Web.Config I have the following:


      <!-- Namespaces -->
        <add namespace="System"/>
        <add namespace="System.Web.Mvc"/>
        <add namespace="System.Web.Mvc.Ajax"/>
        <add namespace="System.Web.Mvc.Html"/>
        <add namespace="System.Web.Routing"/>
        <add namespace="Microsoft.Web.Mvc"/>
        <add namespace="SquishIt.Framework"/>


So if "SquishIt.Framework" namespace is added on Web.Config why do I need to have the @using on the view?

Symmetric Key Encryption on the Compact Framework

There are two main types of encryption algorithms available within the .NET Compact Framework - symmetric and asymmetric encryption. This blog entry will discuss how to utilise symmetric key encryption, but first we have to outline the difference between Symmetric and Asymmetric encryption (I will discuss asymmetric key encryption in a future blog entry).

Symmetric and Asymmetric Key Encryption
Symmetric encryption algorithms (also known as ciphers) process plain text with a secret encryption key to create encrypted data (called cipher text). The same secret key is used to decrypt the cipher text back to plain text.

Asymmetric encryption (also known as public-key encryption) is a cryptography technique that uses public and private key pairs to encrypt and decrypt data respectively. The private key is a closely guarded secret, while the public key can be freely distributed over untrusted networks. You do not worry who has your public key (you could print it on a 100-foot tall banner if you so desired), but you must keep your private key secret.

How in web.config work in MVC



I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In webforms it was straightforward. I just put a child web.config in the /Admin/ folder and add <authorization>  <allow roles> tags to it.

What would be the equivalent technique in MVC?

Thank you,


pageParserFilterType in Web.config


Hi there,

I'm asking this question AFTER I've already solved my problem - I just wanted more info about it.

Each time I tried to create a ViewUserControl with a specific model template like this:

<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<MyProject.Web.ContactFormContent>" %>

The control would not compile properly and intellisense would not show things like Html and ViewData.

However, when I add the attribute pageParserFilterType to the <pages> in web.config, everything works:

      pageParserFilterType="System.Web.Mvc.ViewTypeParserFilter, System.Web.Mvc,
        Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35"

      pageParserFilterType="System.Web.Mvc.ViewTypeParserFilter, System.Web.Mvc,