
I have encrypted the appSettings and connectionStrings sections of the web.config file of my web application.

These are the two commands that I entered at the Visual Studio 2010 command prompt:

aspnet_regiis.exe -pef "connectionStrings" C:\Provider -prov "DataProtectionConfigurationProvider"

aspnet_regiis.exe -pef "appSettings" C:\Provider -prov "DataProtectionConfigurationProvider"

Now, these two commands produced a new web.config file situated in the directory along with the solution file. I opened this web.config file, which only contained the encrypted appSettings and connectionStrings sections of the original web.config file.

I then opened my web application, deleted the original appSettings and connectionStrings sections and pasted the encrypted ones.

This is how my web.config file looks now:

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <appSettings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
        <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA6h2T0PWsHUC2CPpYvY8QUwQAAAACAAAAAAAQZgAAAAEAACAAAAAdlSIaGrQ1CFjswJi2RxekJ4ZxmRArilsOiqrmUXt6JgAAAAAOgAAAAAIAACAAAACaV/bVjlK60wX9LOFzRsrkbcDjSOT+3Qj0JyUZZszNNSAAAACaQC3oKCPX1gaxZK3ghS6lAMcVwpNpbMpyNpeoiwxap0AAAAD87rr8QUaIQJv2Sc+i+RGWq1+vExAPNjjG1VtWvK4ILsOX88iBRRx0tpAFdNAw0AvGoxUTA7UQGKm7hTHBaAMz</CipherValue>
      </CipherData>
    </EncryptedData>
  </appSettings>
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
        <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA6h2T0PWsHUC2CPpYvY8QUwQAAAACAAAAAAAQZgAAAAEAACAAAAB4Y7QqEGRvo9T04hE8hvd3wMvRXqIMa/UJBkOQnMnsbgAAAAAOgAAAAAIAACAAAADnzwxmuoWUQLYJ0/YPUkgvR/xyXDZNaQI4ZrMmACqvaTAAAAC6C0nEhW+g8WHcNJLN5DRi8uNimkG3GyMEajrB33ST7DN49W925xIeMiN3kvyLAcJAAAAAPcgh+jh6RzsfQElj7/e1RNAQEFQykiqYfLbUEMd+qHcfkLCNwe3tczJQDckGH1cT7Y9At16pPfek1bKZeM7YpQ==</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>

  <system.web>
    <compilation debug="true" explicit="true" targetFramework="4.0"/>
    <httpCookies httpOnlyCookies="true" requireSSL="true"/>

    <customErrors mode="On" defaultRedirect="DefaultErrorPage.htm">
      <error statusCode="404" redirect="ErrorPage.htm"/>
    </customErrors>

    <trace enabled="false"/>
  </system.web>
</configuration>

The problem that I have now is that when I try to use a page which accesses data in the web.config file (such as the connection string), I am getting a null reference exception.

For instance, this line generates a null reference exception:

string connection = ConfigurationManager.ConnectionStrings["DB_Connection"].ConnectionString;

How can I solve this please? Thank you :)

Clarification

The line worked perfectly before encrypting using the Data Protection API. The null reference exception started cropping up after encryption.

Matthew
  • Almost all cases of `NullReferenceException` are the same. Please see "[What is a NullReferenceException in .NET?](http://stackoverflow.com/questions/4660142/what-is-a-nullreferenceexception-in-net)" for some hints. – John Saunders Sep 23 '13 at 16:07
  • Clearly `ConfigurationManager.ConnectionStrings["DB_Connection"]` is `null`. When you debug this, what values are in the `ConfigurationManager.ConnectionStrings` collection? – David Sep 23 '13 at 16:09
  • I hope that you actually realize that your problem is that `ConfigurationManager.ConnectionStrings["DB_Connection"]` is null? I hope you simply didn't state that clearly in the question. – John Saunders Sep 23 '13 at 16:09
  • Yes but it used to work before encrypting the file. – Matthew Sep 23 '13 at 16:09
  • So the problem is that it is not finding DB_Connection once the file was encrypted. I know what a null reference exception is. – Matthew Sep 23 '13 at 16:10
  • DB_Connection is staying null when I debugged the program. So the problem is that the program is not finding DB_Connection in the web.config file after it was encrypted. – Matthew Sep 23 '13 at 16:13
  • Need more background info. Are you running this locally or did you deploy after encrypting? See: http://msdn.microsoft.com/en-us/library/ff647398.aspx Make sure you read the whole thing. Sounds like the site is executing under a different account than the one used to encrypt the values and/or on a different machine. – NotMe Sep 23 '13 at 16:18
  • @ChrisLively I am running the application locally. I encrypted the file by running the Visual Studio 2010 command prompt as admin. I am running Visual Studio 2010 as admin as well under the same account and the same machine. – Matthew Sep 23 '13 at 16:26
  • By running locally do you mean you are using the web server built into Visual Studio or do you mean you are using IIS on the local computer? If the latter, what user account is that executing under? – NotMe Sep 23 '13 at 16:29
  • @ChrisLively No I am using Cassini (the one in Visual Studio) – Matthew Sep 23 '13 at 16:33

1 Answer


Don't know if you ever solved this but for me the solution was to grant read access to the machine key file created in "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" to the account NT AUTHORITY\NETWORK SERVICE.

The NullReferenceException was caused by the application not being able to read the file containing the encryption/decryption key.

With kind regards, Martin

  • Thanks Martin :) How did you do this exactly though? How did you grant read access to the NT AUTHORITY\NETWORK SERVICE account? – Matthew Oct 05 '13 at 16:03
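
One way to check the "different account and/or different machine" hypothesis raised in the comments without decrypting anything (an added example, not code from the question or the answer): list the protected sections of a web.config and read the cleartext header of each DPAPI blob. The function names and the sample config are constructed for illustration, and the header layout (version, provider GUID, master-key version, master-key GUID, flags) is assumed from the widely documented DPAPI blob format.

```python
import base64
import struct
import uuid
import xml.etree.ElementTree as ET

DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CRYPTPROTECT_LOCAL_MACHINE = 0x4

def parse_dpapi_header(blob):
    """Read the cleartext header of a DPAPI blob; nothing is decrypted."""
    if len(blob) < 48:
        raise ValueError("too short for a DPAPI blob header")
    version, = struct.unpack_from("<I", blob, 0)
    provider = uuid.UUID(bytes_le=bytes(blob[4:20]))
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    master_key = uuid.UUID(bytes_le=bytes(blob[24:40]))
    flags, = struct.unpack_from("<I", blob, 40)
    return {"master_key": str(master_key),
            "machine_scope": bool(flags & CRYPTPROTECT_LOCAL_MACHINE)}

def protected_sections(config_xml):
    """Map each protected section name to (provider name, DPAPI header or None)."""
    root = ET.fromstring(config_xml)
    result = {}
    for section in root:
        provider = section.get("configProtectionProvider")
        if provider is None:
            continue  # plain-text section such as system.web
        cipher = next((e.text for e in section.iter()
                       if e.tag.rsplit("}", 1)[-1] == "CipherValue"), None)
        header = None
        if provider == "DataProtectionConfigurationProvider" and cipher:
            header = parse_dpapi_header(base64.b64decode(cipher))
        result[section.tag.rsplit("}", 1)[-1]] = (provider, header)
    return result

# Constructed sample: a header-only blob with a made-up master-key GUID.
_KEY = uuid.UUID("11111111-2222-3333-4444-555555555555")
_BLOB = (struct.pack("<I", 1) + DPAPI_PROVIDER.bytes_le + struct.pack("<I", 1)
         + _KEY.bytes_le + struct.pack("<II", CRYPTPROTECT_LOCAL_MACHINE, 0))
SAMPLE = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>%s</CipherValue></CipherData></EncryptedData>
  </connectionStrings>
  <system.web><trace enabled="false"/></system.web>
</configuration>""" % base64.b64encode(_BLOB).decode()

if __name__ == "__main__":
    print(protected_sections(SAMPLE))
```

A blob with `machine_scope` set can be decrypted by any account, but only on the machine that created it; without that flag it can be decrypted only under the user profile that encrypted it.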