Thanks for Dave's informative inputs.
Hi Steven,
Based on my understanding, your main concern is about applying encryption
protection to your client application's (winform, console...) app.config
file, and you found that most of the resources on this topic are specific to
ASP.NET applications, correct?
I've performed some research on the new config protection feature in .NET
Framework 2.0 and found that the Encryption Protection does work for both
server-side applications (ASP.NET) and client applications (winform,
console...).
To protect our client application's app.config section, we can use the
following approach:
1. Use the System.Configuration.SectionInformation class's "ProtectSection"
method to protect certain configuration sections of our application's
exe.config file. The "ProtectSection" method requires us to provide an
EncryptionProvider name; we can create a custom RSA Provider (using the
aspnet_regiis.exe tool, which is installed on any machine with the
.NET Framework). Use the RSA key provider because it is easy to
export/import when we need to deploy our application to other
machines.
For creating and exporting/importing an RSA key and programmatically encrypting
sections in the app.config file, you can refer to the following MSDN articles:
#Walkthrough: Creating and Exporting an RSA Key Container
http://msdn2.microsoft.com/en-us/library/2w117ede.aspx
#RsaProtectedConfigurationProvider Class
http://msdn2.microsoft.com/en-us/lib...rsaprotectedconfigurationprovider.aspx
Also, at development time, we need to add the following key configuration
info to machine.config so that our applications (the one used for
encrypting the configuration file, or the application whose config file will
be encrypted) can find the key. For example:
========custom key info====
<configProtectedData>
  <providers>
    <add name="SampleProvider"
         type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
         keyContainerName="SampleKeys"
         useMachineContainer="true" />
  </providers>
</configProtectedData>
==================
2. At deployment time, we need to export the custom RSA key we created
earlier and import it onto the target deployment machine (you can do this in
the setup program). Also, you need to make sure your client application's
app.config contains the above "custom key info" setting (so that it can find
the key in the deployment machine's machine store).
Below is a simple test program that demonstrates programmatically encrypting
the AppSettings section of another program's exe.config file.
=====================
using System.Configuration;

class Program
{
    static void Main(string[] args)
    {
        // Path to the target program's exe; its .exe.config file is the one modified.
        string path = @"D:\users\\workspace\ProtectConfig\ProtectConfig\bin\Debug\ProtectConfig.exe";
        Configuration config = ConfigurationManager.OpenExeConfiguration(path);
        ConfigurationSection section = config.GetSection("appSettings");
        section.SectionInformation.ForceSave = true;
        // The name must match a provider registered under <configProtectedData>.
        section.SectionInformation.ProtectSection("SmartClientProvider");
        config.Save(ConfigurationSaveMode.Full);
    }
}
========================
I use the aspnet_regiis tool to create and manage the custom RSA key at
development and deployment time (mentioned in the above article). In
addition, since the client application may be accessed by multiple users
with different logon users, you also need to use the aspnet_regiis tool to
grant them permission to access the key (you can consider adding them to a
group and granting the group the access permission).
If you have anything unclear or any further questions, please feel free to
post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
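
The key-container steps described in the post above (create, export, import, grant access), written out as an added example that is not part of the original post. The framework folder, the transfer file `C:\deploy\SampleKeys.xml` and the group `CONTOSO\AppUsers` are assumptions; `SampleKeys` is the container name from the config fragment in the post.

```powershell
# Added example: lifecycle of the "SampleKeys" RSA key container.
# Run elevated: "build" on the development machine, "deploy" on each target machine.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('build', 'deploy')]
    [string]$Stage
)

# Assumed install path of the .NET Framework 2.0 tool.
$regiis  = Join-Path $env:windir 'Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe'
$keyName = 'SampleKeys'                 # must match keyContainerName in <configProtectedData>
$keyFile = 'C:\deploy\SampleKeys.xml'   # hypothetical transfer file; holds the PRIVATE key
$group   = 'CONTOSO\AppUsers'           # hypothetical group of users who run the client

function Invoke-Regiis {
    param([string[]]$Arguments)
    & $regiis @Arguments
    # Stop if the tool reports failure through its exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "aspnet_regiis $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

switch ($Stage) {
    'build' {
        # Create a machine-level container whose key can be exported.
        Invoke-Regiis '-pc', $keyName, '-exp'
        # Export public and private key; treat the resulting file as a secret.
        Invoke-Regiis '-px', $keyName, $keyFile, '-pri'
    }
    'deploy' {
        # Import without -exp so the key cannot be exported again from this machine.
        Invoke-Regiis '-pi', $keyName, $keyFile
        # Grant read access to the group instead of to individual users.
        Invoke-Regiis '-pa', $keyName, $group
        # The transfer file is no longer needed once the key is in the machine store.
        Remove-Item -LiteralPath $keyFile -Force
    }
}
```

Anyone who obtains the exported XML file can decrypt the protected sections, so move it over a trusted channel and keep it out of the installer package and source control.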