AI OnAI Off

Moving an encrypted value in web.config across servers

Vote:
 
When encrypting the web.config file, what does EPiServer use as the encryption key? Is it the machineKey (from machine.config), some key from Licence.config, or something else? The reason for asking is that when encrypting a value in web.config on Server A, we can't cut-and-paste the now encrypted value into web.config on Server B - we get "System.Security.Cryptography.CryptographicException: Bad Data". So why not encrypt the web.config file from Server B in the same manner as we did on Server A, you might ask? Because the admin and edit functionality have been removed from Server B due to high security demands. Is it even possible to move an encrypted value from one server to another? Brgds, Niklas
#12681
Jun 20, 2006 17:43
Daniel Ovaska
Daniel Ovaska
Vote:
 

I'm guessing EPiServer is using the machine key yes which of course won't work by copy pasting it to another server. Solution would be to decrypt on current server, copy paste that to new web.config, and encrypt again on both source and target server.

#63873
Dec 03, 2012 13:38
Steve Celius
Steve Celius
Vote:
 

Hi Daniel,

we're using the standard configuration encryption method in ASP.NET. I use it to encrypt the connectionStrings.config, and this has to be done manually on each server. See the aspnet_regiis.exe command for more information, or read more here: http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx

Note! In a load balanced environment, you can export/import the encryption keys, so you have the same config on all servers. Make sure you protect your keys if you go down this path.

#63876
Dec 04, 2012 7:59
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.