Stop connection string decryption on client machine

Michele Hobson 21 Reputation points
2022-11-09T11:47:36.957+00:00

Hi

I'm new to this, so please bear with me.
I am running the following commands on my virtual machine (used for development) to encrypt the configuration sections.

cd C:\Users\dev\myApp
call C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pz myKey
copy /Y "C:\Users\dev\myApp\app.config" "C:\Users\dev\myApp\web.config"
call C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pc myKey -size 4096 -exp
call C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef connectionStrings . -prov MyEncryptionProvider
call C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef appSettings . -prov MyEncryptionProvider
call C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "Administrators"
call C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -px myKey key.xml -pri
move /Y "C:\Users\dev\myApp\web.config" "C:\Users\dev\myApp\bin\Release\myApp.exe.config"

Before the installer completes the installation on the virtual machine's host, it deletes the key.xml file.
After the installer closes, the application can read the encrypted myApp.exe.config file and connect to the MySQL server/database.

I then copied myApp.exe.config to C:\Users\prod\decryptionDir\web.config, ran the command:
call C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf connectionStrings "C:\Users\prod\decryptionDir".

The problem is that it was decrypted. I tried the steps above without exporting the private key, but the application was not able to connect.

Not sure if this is relevant, but the only information that I have on the computers the desktop application will be installed on is that they will be running no less than Windows 10.

Can someone please explain what I'm missing and what I'm doing wrong?

Thank you

ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.

1 answer

  1. Lan Huang-MSFT 25,471 Reputation points Microsoft Vendor
    2022-11-10T05:43:26.79+00:00

    Hi @Michele Hobson ,

    This may be useful

    Have you tried this method?

    If you are using a web farm, you need to create and use an RSA key through an RSA key provider (this is the code you find useful) so that all servers can decrypt with the same key.
    Encrypt and decrypt connection strings. There are two situations to consider:
    1. Encryption/decryption for a Single Server
    2. Encryption/decryption for a Web Farm
    For specific steps, see the following documents:
    https://techcommunity.microsoft.com/t5/iis-support-blog/connection-string-encryption-and-decryption/ba-p/830094
    Best regards,
    Lan Huang


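The shared-key procedure the answer refers to, written out as an added example (it is not code from the thread or from the linked article). The container name myKey and the aspnet_regiis.exe path come from the question; the account CONTOSO\svc-myapp and the key file path are placeholders, and the script assumes aspnet_regiis.exe returns a non-zero exit code on failure.

```bat
@echo off
setlocal
rem Added example. "myKey" is the container name used in the question.
rem APP_ACCOUNT and KEY_FILE are placeholders (assumptions), adjust before use.
set "REGIIS=C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
set "CONTAINER=myKey"
set "APP_ACCOUNT=CONTOSO\svc-myapp"
set "KEY_FILE=C:\keytransfer\key.xml"

if /I "%~1"=="source" goto :source
if /I "%~1"=="target" goto :target
echo Usage: %~nx0 source^|target
exit /b 2

:source
rem Machine that encrypts the config: create an exportable RSA container
rem and export it including the private key (-pri).
"%REGIIS%" -pc "%CONTAINER%" -size 4096 -exp || exit /b 1
"%REGIIS%" -px "%CONTAINER%" "%KEY_FILE%" -pri || exit /b 1
echo Move %KEY_FILE% to the target over a protected channel, then delete it here.
exit /b 0

:target
rem Machine that decrypts: import WITHOUT -exp so the private key
rem cannot be exported again from this machine.
"%REGIIS%" -pi "%CONTAINER%" "%KEY_FILE%" || exit /b 1

rem Grant read access on this container (not a different one) only to the
rem account the application runs as.
"%REGIIS%" -pa "%CONTAINER%" "%APP_ACCOUNT%" || exit /b 1

rem key.xml holds the private key in clear XML; remove it and verify.
del /F /Q "%KEY_FILE%"
if exist "%KEY_FILE%" (
    echo Key file still present: %KEY_FILE%
    exit /b 1
)
exit /b 0
```

`aspnet_regiis -pdf` succeeds for any account that has read access to the container, so the `-pa` grant (and `-pr` to revoke it) is what decides who can decrypt the section on that machine.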