Thursday, July 31, 2008

01 - Creating Encrypted Configuration Sections

Hi,

Here we'll cover the encryption of configuration files.

The topics covered will be:

- Creating Encrypted Configuration Sections

- Encrypting Sections with the aspnet_regiis tool

- Encrypting Sections Programmatically

- Deploying Encrypted Web Configuration Files

Creating Encrypted Configuration Sections

 
· If you need to protect sensitive information stored in a configuration file, you can encrypt the information.
· You can encrypt just about any section in the web configuration file, with the sole exception of the processModel section.
· You can also encrypt a custom configuration section.
· The .NET Framework uses the Provider Model for encrypting configuration sections.

· The Framework ships with two ProtectedConfigurationProviders:

    o RsaProtectedConfigurationProvider

        § It is the default provider.
        § Uses public key cryptography.
        § This is the one you should almost always use.
        § Reason: This provider supports exporting and importing encryption keys. This means that you can move an application that contains an encrypted configuration file from one web server to a new web server.

    o DpapiProtectedConfigurationProvider

        § It uses either Triple-DES or AES.
        § Not recommended.
        § Reason: If you use this provider to encrypt a configuration section, you cannot decrypt the configuration section on another web server, i.e. if you need to move the configuration file from one server to another, you first need to decrypt the configuration file on the source server and re-encrypt it on the destination server.

Hope this helps

Thanks & Regards,

Arun Manglick || Senior Tech Lead

02 - Encrypting Sections with the aspnet_regiis tool

Hi,

Here we'll cover the encryption of configuration files.

The topics covered will be:

- Creating Encrypted Configuration Sections

- Encrypting Sections with the aspnet_regiis tool

- Encrypting Sections Programmatically

- Deploying Encrypted Web Configuration Files

Encrypting Sections with the aspnet_regiis tool

· To encrypt a particular section of a configuration file:

    o By specifying a file system path: -pef option

               aspnet_regiis -pef connectionStrings c:\Websites\MyWebApp

    o By specifying a virtual path: -pe option

               aspnet_regiis -pe connectionStrings -app /MyApp
 
· When you encrypt a configuration section, you can also specify the ProtectedConfigurationProvider to use to encrypt the section.

    o The Machine.config file configures two providers:
        § RsaProtectedConfigurationProvider (the default)
        § DataProtectionConfigurationProvider
    o Requires the -prov option, followed by the name of a configured provider.

E.g.

               aspnet_regiis -pe connectionStrings -app /MyApp -prov RsaProtectedConfigurationProvider
 
· To decrypt a particular section of a configuration file:

    o -pd option

               aspnet_regiis -pd connectionStrings -app /MyApp
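
To verify the result of the commands above, the following added example (not from the original post) reads a web.config and reports, per section, whether it is encrypted, with which provider, and whether that provider's output can be moved to another server. The function name, the list of sections to check and the sample file are assumptions made for the illustration.

```powershell
# Added example (not from the original post). The web.config below is
# constructed; the cipher text is replaced by a placeholder.
$sample = @'
<?xml version="1.0"?>
<configuration>
  <configProtectedData><providers>
      <add name="MyProtectedConfigurationProvider" keyContainerName="SharedKeys"
           type="System.Configuration.RsaProtectedConfigurationProvider" />
  </providers></configProtectedData>
  <connectionStrings configProtectionProvider="MyProtectedConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="ApiSecret" value="constructed-sample" />
  </appSettings>
</configuration>
'@

function Get-SectionProtection {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        # Sections to check; this list is an assumption, adjust it per application.
        [string[]]$Section = @('connectionStrings', 'appSettings', 'system.web/machineKey')
    )
    $root = $Config.DocumentElement
    foreach ($path in $Section) {
        $node = $root.SelectSingleNode($path)
        if ($null -eq $node) { continue }                 # section not in this file
        $provider = $node.GetAttribute('configProtectionProvider')
        # A protected section holds one EncryptedData element instead of its settings.
        $cipher = $node.SelectSingleNode("*[local-name()='EncryptedData']")
        # Resolve a locally declared provider name to its type; otherwise the
        # name is taken to be one of the Machine.config providers.
        $decl = $root.SelectNodes('configProtectedData/providers/add') |
            Where-Object { $_.GetAttribute('name') -eq $provider }
        $type = if ($null -ne $decl) { @($decl)[0].GetAttribute('type') } else { $provider }
        [pscustomobject]@{
            Section   = $path
            Encrypted = [bool]($provider -and ($null -ne $cipher))
            Provider  = $provider
            # DPAPI-protected sections cannot be decrypted on another server.
            Portable  = [bool]($provider -and $type -notmatch 'Dpapi|DataProtection')
        }
    }
}

Get-SectionProtection -Config $sample | Format-Table -AutoSize
```

For a real file, pass `[xml](Get-Content C:\path\to\web.config -Raw)` as `-Config`; a section reported as not encrypted still holds its settings in plain text.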

Thanks & Regards,

Arun Manglick || Senior Tech Lead

03 - Encrypting Sections Programmatically

Hi,

Here we'll cover the encryption of configuration files.

The topics covered will be:

- Creating Encrypted Configuration Sections

- Encrypting Sections with the aspnet_regiis tool

- Encrypting Sections Programmatically

- Deploying Encrypted Web Configuration Files

Encrypting Sections Programmatically

 
· Using the Configuration API.
· Specifically, you can encrypt a configuration section by calling the SectionInformation.ProtectSection() method, and decrypt it again by calling:
    o SectionInformation.ProtectSection()
    o SectionInformation.UnprotectSection()
· E.g.
 

' Requires the System.Configuration, System.Web.Configuration and
' System.Collections.Generic namespaces to be imported.

Private Sub Page_Load()
    If Not Page.IsPostBack Then
        BindSections()
    End If
End Sub

' Handles the Protect / UnProtect commands raised by the grid rows.
Protected Sub grdSections_RowCommand(ByVal sender As Object, ByVal e As GridViewCommandEventArgs)
    Dim rowIndex As Integer = Int32.Parse(CType(e.CommandArgument, String))
    Dim sectionName As String = CType(grdSections.DataKeys(rowIndex).Value, String)
    If e.CommandName = "Protect" Then
        ProtectSection(sectionName)
    End If
    If e.CommandName = "UnProtect" Then
        UnProtectSection(sectionName)
    End If
    BindSections()
End Sub

' Lists the sections of the system.web group in the grid.
Private Sub BindSections()
    Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
    Dim colSections As New List(Of SectionInformation)()
    For Each section As ConfigurationSection In config.SectionGroups("system.web").Sections
        colSections.Add(section.SectionInformation)
    Next
    grdSections.DataSource = colSections
    grdSections.DataBind()
End Sub

' Encrypts the named section with the RSA provider and saves the file.
Private Sub ProtectSection(ByVal sectionName As String)
    Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
    Dim section As ConfigurationSection = config.GetSection(sectionName)
    section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider")
    config.Save(ConfigurationSaveMode.Modified)
End Sub

' Decrypts the named section and saves the file.
Private Sub UnProtectSection(ByVal sectionName As String)
    Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
    Dim section As ConfigurationSection = config.GetSection(sectionName)
    section.SectionInformation.UnprotectSection()
    config.Save(ConfigurationSaveMode.Modified)
End Sub

 
 

Hope this helps

Thanks & Regards,

Arun Manglick || Senior Tech Lead

04 - Deploying Encrypted Web Configuration Files

Hi,

Here we'll cover the encryption of configuration files.

The topics covered will be:

- Creating Encrypted Configuration Sections

- Encrypting Sections with the aspnet_regiis tool

- Encrypting Sections Programmatically

- Deploying Encrypted Web Configuration Files

Deploying Encrypted Web Configuration Files

· If you need to copy an encrypted configuration file from one server to a new server, then you must copy the keys used to encrypt the configuration file to the new server. Otherwise, your application can't read encrypted sections of the configuration file on the new server.

Warning

    o You can't copy an encrypted configuration file from one server to another when you are using the DpapiProtectedConfigurationProvider. This section assumes that you are using the RsaProtectedConfigurationProvider.

· By default, the RsaProtectedConfigurationProvider uses a public/private key pair stored in a key container named NetFrameworkConfigurationKey.
    o This key container is located at the following path:
        § \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
    o This default key container does not support exporting both the public and private encryption keys.

· If you want to deploy an application that contains an encrypted configuration file to a new server, then you must complete five configuration steps:
 
1. Create a new key container.
2. Configure your application to use the new key container.
3. Export the keys from the origin server.
4. Import the keys on the destination server.
5. Grant access to the key container to your ASP.NET application.
 
· Step 1:

               aspnet_regiis -pc "SharedKeys" -exp

    o This command creates a new key container named SharedKeys.
    o The -exp option is used to make any keys added to the container exportable.
 
·                Step 2:
 

<?xml version="1.0"?>
<configuration>
  <configProtectedData defaultProvider="MyProtectedConfigurationProvider">
    <providers>
      <add
        name="MyProtectedConfigurationProvider"
        type="System.Configuration.RsaProtectedConfigurationProvider"
        cspProviderName=""
        useMachineContainer="true"
        useOAEP="false"
        keyContainerName="SharedKeys" />
    </providers>
  </configProtectedData>
  <connectionStrings>
    <add name="Movies" connectionString="Data Source=DataServer;Integrated Security=true; Initial Catalog=MyDB" />
  </connectionStrings>
</configuration>

 
 
· Step 3:
    o Export the keys contained in the SharedKeys key container to an XML file:

               aspnet_regiis -px "SharedKeys" keys.xml -pri

        § The -pri option causes both the private and public key (and not only the public key) to be exported to the XML file.

· Step 4:
    o Copy the XML file to the destination server and import the encryption keys.
    o Execute the following command on the destination server to create a new key container and import the encryption keys:

               aspnet_regiis -pi "SharedKeys" keys.xml

· Step 5:
    o You can grant access to the SharedKeys key container to the ASPNET account by executing the following command:

               aspnet_regiis -pa "SharedKeys" "ASPNET"

    o Executing this command modifies the ACLs for the SharedKeys key container so that the ASPNET account has access to the encryption keys.

After you complete this final step, you can transfer ASP.NET applications with encrypted configuration files back and forth between the two servers. An application on one server can read configuration files that were encrypted on the other server.

Note

As an alternative to using the aspnet_regiis tool, you can transfer encryption keys with the help of the RsaProtectedConfigurationProvider class. The RsaProtectedConfigurationProvider class contains methods for exporting and importing keys to and from XML files programmatically.
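
The keys.xml file produced in Step 3 with -pri holds the private key in clear text, so it should not outlive the import in Step 4. As an added example (not from the original post), this PowerShell function finds leftover exports under a directory; it assumes the export uses the standard .NET RSAKeyValue XML layout, and the function name and demo files are constructed for the illustration.

```powershell
# Added example (not from the original post). The key files written below are
# constructed: element names follow the RSAKeyValue layout, values are placeholders.
function Find-ExportedRsaKey {
    param([Parameter(Mandatory = $true)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Filter *.xml -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_
            try { $doc = [xml](Get-Content -LiteralPath $file.FullName -Raw) }
            catch { return }                              # not well-formed XML, skip
            if ($null -eq $doc -or $doc.DocumentElement.LocalName -ne 'RSAKeyValue') { return }
            [pscustomobject]@{
                Path          = $file.FullName
                # <D> is the private exponent; a public-only export does not contain it.
                HasPrivateKey = ($null -ne $doc.SelectSingleNode('/RSAKeyValue/D'))
                LastWriteTime = $file.LastWriteTime
            }
        }
}

# Constructed demo: one private export, one public-only export, one unrelated XML file.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('keyscan-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
'<RSAKeyValue><Modulus>AA==</Modulus><Exponent>AQAB</Exponent><D>AA==</D></RSAKeyValue>' |
    Set-Content (Join-Path $demo 'keys.xml')
'<RSAKeyValue><Modulus>AA==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>' |
    Set-Content (Join-Path $demo 'public.xml')
'<configuration />' | Set-Content (Join-Path $demo 'other.xml')

Find-ExportedRsaKey -Root $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

Run it against the directories used for the transfer on both servers once Step 5 is done; any file reported with HasPrivateKey set can decrypt every section protected with that key container.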

Thanks & Regards,

Arun Manglick || Senior Tech Lead

Thursday, July 17, 2008

C# 4.0 on its way....

Hi,

Crazy people – The C# guys - C# 4.0 is on its way.

Before the developers burnt their hands on C# 2.0, C# 3.5 - C# 4.0 is on its way.

We, as ‘Monetrics’, have been using C# 3.5 for the last 10 months and have tried only 40-50% of its new feature set, but C# 4.0 is on its way.

What is C# 4.0

It is nowhere mentioned explicitly. However, I got a few details from the conversation held at Seattle.

C# 4.0 will be coming with a Dynamic Dispatch feature. The Dynamic Dispatch feature will be supported by the DLR (Dynamic Language Runtime) and no longer by the CLR.

For reference – Silverlight works on DLR.

After the Generics in C# 2.0 and Language Integrated Query in C# 3.5, C# 4.0 will be adding Dynamic Constructs to the language, compared to the static nature of the present C# language.

With the Dynamic feature, C# is competing with Ruby on Rails and Python. With C# having this feature, you will no longer require JavaScript to add dynamic features to your application.

People have started posting their ‘Wishlist’ for C# 4.0. If you have a wish, add it to the list.

VB is ahead of C# -

It’s an eternal war between VB and C#.

Around two years ago Microsoft started a project to make VB a dynamic language like Ruby and Python. It is called VBx, and planned to be shipped with Silverlight 2.0 (this year).

Now C# guys are just catching up to not be left out of the dynamic language inner circle.

Hope this helps.

Thanks & Regards,

Arun Manglick || Senior Tech Lead

16 - Web Service Behavior

Hi,

Definition:

- The WebService behavior enables methods that are implemented on Web Services to be called from client-side script in a web page, using Microsoft Internet Explorer 5 and later versions.

- A behavior is a component that you can associate with an element within an HTML page and that extends the element's default functionality.

- The main advantage of using a behavior to access a Web service is that you can update the content of a page without reloading the whole page.

- Before you can use the WebService behavior, you need to download the webservice.htc file from the Microsoft MSDN library.

- To attach a WebService behavior to a page, first download the WebService HTC file and put a copy in the same directory as the pages that use the behavior.

Limitations of the WebService Behavior

- The first limitation - You can use the WebService behavior to access only those Web services located in the same domain as the Web page that contains the behavior.

- The second limitation concerns the data types that you can access through the WebService behavior - The WebService behavior supports all the base .NET types, such as Strings, Integers, and DateTimes, Arrays. However there is no direct support for more complex types, such as DataSets, DataTables, Collections, or custom objects.

Thanks & Regards,

Arun Manglick || Senior Tech Lead