Can not debug in Visual Studio with FIPS enabled.

PeteHopeMDA
I work for a .gov agency that is tightening up security policies on all workstations.
The new policy enables FIPS.
You cannot run Visual Studio web applications in debug mode in VS when FIPS has been enabled.

This is affecting VS2005 and VS2008.

When you have debug="true" in the web.config file every single aspx page generates the following error
"Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
With line 1 of the ASPX page highlighted. I attached images of my source code and the error generated.

I found a similar question here, under server software :confused: and the answer said to make some changes to the DEVENV.EXE.CONFIG file.  But it wasn't very clear as to how exactly to make the changes.
I attempted to ask to expand upon the answer in that same thread and it forced me to create a new question.

The solution was to "add the tag <enforceFIPSPolicy enabled = 0> to the runtime section" of the devenv.exe.config file.  But after adding the <enforceFIPSPolicy enabled=0 /> tag I get the following error when I try and run VS 2008

"This application has failed to start because the application configuration is incorrect"

Where exactly between the runtime tags are you inserting the new tag?  I have tried before <assemblyBinding>, after </assemblyBinding>, and inside assemblyBinding before the first <probing>

There is a similar question and solution on the asp.net forums.  In it someone responded that Microsoft knows about the issue and the bug has been marked as closed.
http://forums.asp.net/p/1265047/2388590.aspx

I also found an MSDN article that mentions adding the following to the web.config file.
<machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
validation="3DES" decryption="3DES"/>

Adding this to the web.config made no difference, still generated the error.

The only way to view the page on the local workstation within the ASP.NET Development Server is to set debug to false in the web.config.  Obviously this makes it pretty difficult to debug my application ;)

Turning off FIPS on our workstations is not an option.  This is a directive from on high and getting an exception to policy will probably involve testifying before congress.

Thanks.




    <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
            <probing privatePath="PublicAssemblies;PrivateAssemblies"/>
            <dependentAssembly>
                <assemblyIdentity name="Microsoft.Build.Framework" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
                <bindingRedirect oldVersion="0.0.0.0-99.9.9.9" newVersion="3.5.0.0"/>
            </dependentAssembly>
            <dependentAssembly>
                <assemblyIdentity name="EnvDTE" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
                <bindingRedirect oldVersion="7.0.3300.0" newVersion="8.0.0.0"/>
            </dependentAssembly>
        </assemblyBinding>
    </runtime>


Author

Commented:
Hmmm, didn't seem to like the images I attached.  So here is the web page code.

WebForm2.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm2.aspx.cs" Inherits="MimdsPres.WebForm2" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
</head>
<body>
    hey
</body>
</html>

WebForm2.cs
using System;

namespace MimdsPres
{
    public partial class WebForm2 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }
    }
}


Well I was able to actually get a solution to work.
All the online posts I found had the config file entry as
 <enforceFIPSPolicy enabled=0 />
or
 <enforceFIPSPolicy enabled="0" />

Then in this blog entry I saw the mention of
<enforceFIPSPolicy enabled="false"/>

And it worked.

In case anyone else happens upon this problem/issue:

Close Visual Studio 2008/2005
If the ASP.NET Development Server is running, right click on the icon in the Windows Toolbox and select Stop.
In the directory
C:\Program Files\Common Files\Microsoft Shared\DevServer\9.0
Create a text file called
WebDev.WebServer.Exe.config
Open the file with notepad and make this entry.
<configuration>
    <runtime>
      <enforceFIPSPolicy enabled="false"/>
    </runtime>
</configuration>
Then save and close the file.

For Visual Studio 2005
Go to
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE
Right click on the file
devenv.exe.config
Select Open With - Notepad.
Find the tag
<runtime>
and immediately after this place the tag
<enforceFIPSPolicy enabled="false"/>
Then save and close the file.

For Visual Studio 2008
Go to
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE
Right click on the file
devenv.exe.config
Select Open With - Notepad.
Find the tag
<runtime>
and immediately after this place the tag
<enforceFIPSPolicy enabled="false"/>
Then save and close the file.



Author

Commented:
Sorry, forgot the WebDev config step for 2005 :(

In the directory
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
Create a text file called
WebDev.WebServer.Exe.config
Open the file with notepad and make this entry.
<configuration>
    <runtime>
      <enforceFIPSPolicy enabled="false"/>
    </runtime>
</configuration>
Then save and close the file.
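
The steps from the two posts above, as an added PowerShell example (not the poster's own code). It edits each file through the XML DOM, so the attribute value is always quoted and the file stays well-formed, and it keeps a .bak copy of any file it changes. Set-FipsOptOut is a hypothetical helper name; the paths are the ones given in the thread, and the script assumes an elevated prompt with Visual Studio and the ASP.NET Development Server closed.

```powershell
# Added example. Set-FipsOptOut is a hypothetical helper; pass full paths only.
function Set-FipsOptOut {
    param([Parameter(Mandatory=$true)][string]$ConfigPath)

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    if (Test-Path -LiteralPath $ConfigPath) {
        # Keep a copy so the original can be restored if the host fails to start.
        Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force
        $xml.Load($ConfigPath)      # throws if the existing file is not well-formed
    } else {
        # WebDev.WebServer.Exe.config does not exist by default: start from a skeleton.
        $xml.LoadXml('<configuration><runtime/></configuration>')
    }

    $root = $xml.DocumentElement    # <configuration>
    $runtime = $root.SelectSingleNode('runtime')
    if ($null -eq $runtime) {
        $runtime = $root.AppendChild($xml.CreateElement('runtime'))
    }

    # Reuse an existing element instead of adding a duplicate.
    $node = $runtime.SelectSingleNode('enforceFIPSPolicy')
    if ($null -eq $node) {
        $node = $xml.CreateElement('enforceFIPSPolicy')
        [void]$runtime.PrependChild($node)   # immediately after <runtime>
    }
    $node.SetAttribute('enabled', 'false')   # the value that worked in the thread
    $xml.Save($ConfigPath)
}

# Paths quoted in the thread (VS 2008 first, then VS 2005).
$targets = @(
    'C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe.config',
    'C:\Program Files\Common Files\Microsoft Shared\DevServer\9.0\WebDev.WebServer.Exe.config',
    'C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe.config',
    'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.Exe.config'
)

foreach ($path in $targets) {
    # Skip products that are not installed on this workstation.
    if (Test-Path -LiteralPath (Split-Path -Path $path -Parent)) {
        Set-FipsOptOut -ConfigPath $path
        Write-Host "Updated $path"
    }
}
```

The setting is read per executable, so only devenv.exe and WebDev.WebServer.exe are affected; the machine-wide FIPS policy itself is left as configured.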
