encrypting web.config failed error
Solution 1
For the command "aspnet_regiis -pef", the path of the configuration file is the physical path (not virtual), and it is the path of the directory/folder where web.config resides. So one should not include the name of the file in the path, e.g.
if your web.config is at D:\MyConfiguration\web.config
then while encrypting/decrypting you will use it as follows:
encrypt:
aspnet_regiis -pef [sectionName] "D:\MyConfiguration"
decrypt:
aspnet_regiis -pdf [sectionName] "D:\MyConfiguration"
Solution 2
I know this is old, but I've just had the same issue and none of the other answers got the problem.
You're not supposed to put the filename in the path, and the file MUST be called web.config. So for your example, if your web.config file is actually in C:\ you would put:
aspnet_regiis -pef "connectionStrings" "C:\"
and your file MUST be called web.config as the tool will only look for that file.
For those people whose file isn't in C:\ you'll need to put the full path to the file (root of the site). You'll also need to cd into the directory containing the aspnet_regiis.exe file or put the full file path for the tool as well:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pef "connectionStrings" "C:\Ghron\Projects\Company\trunk\project1\project1"
Also, some of the other answers are valid points - the parameters are case sensitive, so your paths and section names must be in the right case. I wasted about 20 minutes using "ConnectionStrings" instead of "connectionStrings" (lower case c).
Solution 3
The Sections are CASE SENSITIVE.
Do not add \ at the end of the path (no web.config needed).
You don't need to do it straight on a site; instead, copy the file to any location.
Encrypting:
aspnet_regiis -pef "SECTIONTOENTRYPT" "d:\tempEnCrypt" -prov WhateverProviderYouAreUsing
Decrypting:
aspnet_regiis -pdf "SECTIONTOENTRYPT" "d:\tempEncrypt"
You can use this to encrypt an app.config as well, just rename the file for the encryption/decryption as web.config
Solution 4
Encrypt/Decrypt web.config
- source is taken from this link https://mywebanecdotes.com/2016/09/17/encrypting-credentials-in-app-config-for-multiple-machines/
- Firstly, if you have App.config, you need to rename it to Web.config. And when done, rename it back. This is because aspnet_regiis.exe recognizes only the Web.config file.
- Then create a custom attribute SecuredSettings (any name is fine) in either your App.config or Web.config file.
<configuration>
  <configSections>
    <section name="SecuredSettings" type="System.Configuration.NameValueSectionHandler" />
  </configSections>
  <SecuredSettings>
    <add key="pwrd" value="password" />
  </SecuredSettings>
  <configProtectedData>
    <providers>
      <add keyContainerName="MyCustomKeys"
           useMachineContainer="true"
           name="MyEncryptionProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider"/>
    </providers>
  </configProtectedData>
</configuration>
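- In C# you can retrieve these values as you would normally, e.g.:
using System.Collections.Specialized; // NameValueCollection
using System.Configuration;           // ConfigurationManager
var attr = ConfigurationManager.GetSection("SecuredSettings") as NameValueCollection;
var value = attr["pwrd"];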
- The rest is encrypting or decrypting
- Run cmd as Administrator, and navigate to
C:\Windows\Microsoft.NET\Framework\v4.0.30319
- "Create a public/private RSA key pair with a specific container name. They should also be marked as exportable (otherwise what is the point!)"
aspnet_regiis.exe -pc MyCustomKeys -exp
- "Grant permissions for accounts to access the container"
aspnet_regiis.exe -pa MyCustomKeys "NT AUTHORITY\NETWORK SERVICE"
- "The following line will now encrypt your section (the pwrd value). The -pef switch is telling the application to look for a web.config file and to use the provider that is declared in the beginning (which is using type RsaProtectedConfigurationProvider)"
aspnet_regiis.exe -pef "SecuredSettings" "C:\DEV\ConsoleApp\DEX" -prov MyEncryptionProvider
- Export those keys to another machine (if needed):
aspnet_regiis.exe -px MyCustomKeys keys.xml -pri
It will generate the keys.xml file in C:\Windows\Microsoft.NET\Framework\v4.0.30319 - copy this file and put it on the other machine where you would like to use it, in the same location C:\Windows\Microsoft.NET\Framework\v4.0.30319, and run:
aspnet_regiis -pi MyCustomKeys keys.xml
- Afterwards you can delete the file from both sides.
- Don't forget to rename Web.config to App.config, if you did so at the beginning.
- To decrypt the file:
aspnet_regiis.exe -pdf "SecuredSettings" "C:\DEV\ConsoleApp\DEX"
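The failure modes raised in Solutions 1 to 4 and by the asker (file name in the path, trailing backslash, wrong section-name case, a file not called web.config, a read-only web.config) can all be checked before the tool runs, and the result verified afterwards. The PowerShell wrapper below is an added example, not code from any of the posts; the function name, its parameters, the backup location and the default tool path are assumptions.

```powershell
# Added example; function name, parameters and default paths are assumptions.
function Protect-ConfigSection {
    param(
        [Parameter(Mandatory)] [string] $SectionName,  # case-sensitive, e.g. connectionStrings
        [Parameter(Mandatory)] [string] $SitePath,     # folder that holds web.config
        [string] $Provider,                            # optional, passed through as -prov
        [string] $Backup = (Join-Path $env:TEMP 'web.config.plain.bak'),
        [string] $Tool = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe'
    )
    # -pef takes the folder, not the file, and no trailing backslash.
    if (Test-Path -LiteralPath $SitePath -PathType Leaf) {
        throw "Pass the folder that contains web.config, not a file: $SitePath"
    }
    $dir = if ($SitePath -match '^[A-Za-z]:\\$') { $SitePath } else { $SitePath.TrimEnd('\') }
    $cfg = Join-Path $dir 'web.config'
    if (-not (Test-Path -LiteralPath $cfg -PathType Leaf)) {
        throw "No web.config in $dir (an app.config must be renamed first)"
    }
    # The asker's root cause: a read-only web.config.
    if ((Get-Item -LiteralPath $cfg).IsReadOnly) {
        throw "$cfg is read-only; clear the attribute before encrypting"
    }
    # Section names are case-sensitive. Only top-level sections are checked here.
    $names = @(([xml](Get-Content -LiteralPath $cfg -Raw)).configuration.ChildNodes |
        ForEach-Object { $_.Name })
    if ($names -cnotcontains $SectionName) {
        $hint = @($names | Where-Object { $_ -ieq $SectionName }) -join ', '
        throw "Section '$SectionName' not found (case-insensitive matches: '$hint')"
    }
    # Plaintext copy kept outside the site folder until the result is verified.
    Copy-Item -LiteralPath $cfg -Destination $Backup -Force
    $toolArgs = @('-pef', $SectionName, $dir)
    if ($Provider) { $toolArgs += @('-prov', $Provider) }
    & $Tool @toolArgs
    # Verify by re-reading the file: a protected section carries the
    # configProtectionProvider attribute and an EncryptedData child element.
    $node = ([xml](Get-Content -LiteralPath $cfg -Raw)).configuration.ChildNodes |
        Where-Object { $_.Name -ceq $SectionName }
    if (-not $node.configProtectionProvider) {
        throw "Section '$SectionName' is still in clear text; backup is at $Backup"
    }
    Remove-Item -LiteralPath $Backup -Force   # the backup holds the secrets in clear text
    "Encrypted section '$SectionName' in $cfg"
}

# Sample call with the values used in Solution 4:
# Protect-ConfigSection -SectionName SecuredSettings -SitePath 'C:\DEV\ConsoleApp\DEX' -Provider MyEncryptionProvider
```

If the verification step throws, the plaintext backup is left in place on purpose; restore from it or delete it once the cause is found.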
Solution 5
I was experiencing the same problem and here's what worked for me:
- add the aspnet_regiis tool's folder path to your %PATH% variable. This ensures that the tool is accessible from any folder in your command line. See this page for a brief explanation of how to add %PATH% variables: http://geekswithblogs.net/renso/archive/2009/10/21/how-to-set-the-windows-path-in-windows-7.aspx
- navigate to your web root folder (don't know if this is necessary but that's where I was navigated when I executed the command)
- execute the command with the -pe argument and the -app argument like such:
aspnet_regiis -pe {section to encrypt} -app "{path from root folder to app, like: /myappname, use quotes}"
alice7
Updated on December 04, 2021
Comments
- alice7 over 2 years:
I know that ppl have already asked questions regarding encrypting web.config.
I'm also trying to encrypt my test config file, but I'm getting this error.
aspnet_regiis -pef "connectionStrings" "C:\encryptedWeb.config"
Encrypting configuration section...
The configuration for physical path 'C:\EncryptedWeb.config' cannot be opened.
Failed!
I just want to know what could be the reasons that it failed.
I got the answer: it was the read-only property of the web.config which was the problem. After I removed the read-only property it worked like a charm.
- SteveCav almost 3 years: Try removing the quotes from connectionStrings.
- alice7 almost 15 years: I have two questions. First one: can we individually test a config file which is not a part of any application? And if I have two config files in my IIS, how do I choose one of them?
- Stuart almost 15 years: Web.config files are employed in a hierarchy; for instance, the root folder will have a web.config, but it can be overridden in subfolders with another web.config. Is that what you were asking?
- alice7 almost 15 years: Actually my concern is I don't want to mess up my actual web.config if something goes wrong. So I created a separate config file just for testing. So you mean I have to work on my actual config file whether I like it or not.
- Stuart almost 15 years: Work on the web.config; copy it before you change something you think could break it, name it something different, or save it somewhere else.
- Stuart almost 15 years: Do you use source control for your app?
- Iman almost 9 years: Even an extra backslash in D:\MyConfiguration\ throws an illegal character error.
- Mifo about 2 years: I love 10 year old answers that still help me! My issue was that I was adding the file name at the end. Also, I am encrypting a config file for a desktop app so I first had to change the file name to Web.config, run the command and then change back.