Thursday, October 8, 2009

Web.Config Custom Configuration sections with RSA

After spending awhile playing with RSA and Custom Configuration Sections I added the following community content:
  • You must compile your ConfigurationSection class as a strongly named assembly (dll) and deploy it to the GAC
    • If you don't, it will try to locate your class in System.Web
  • You should add this to the Compilation\Assemblies section of the Web.config if you will be using the values within a Web Site project (non pre-compiled)
    • Ex: <add assembly="Samples.AspNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=DllPktHere" />
  • The following section declaration should include the full strong named assembly
    • Ex: <section
      name="pageAppearance"
      type="Samples.AspNet.PageAppearanceSection, Samples.AspNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=DllPktHere"
  • Follow the RSA encryption instructions (http://msdn.microsoft.com/en-us/library/ms998283.aspx)
    except for the following:
    • You may need to use the -pef format instead of -pe
    • If you have your section within a group as in the example above, you should use this format: "SectionGroupName/SectionName"
      • This would be instead of the "connectionStrings" section used in the RSA encryption instructions examples.

1 comment:

  1. how do you use this and also refer to the section using configSource and have it encrypt the external file?

    ReplyDelete