Avatar of softbless
softbless
 asked on

migrate web.config to another server

I encrypt the web.config file for my asp.net application using this command :


aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\application1" -prov "DataProtectionConfigurationProvider"

aspnet_regiis.exe -pef "appSettings" "C:\Inetpub\wwwroot\application1" -prov "DataProtectionConfigurationProvider"

And we got the web.config ecnrypted perfectly.


Regarding the encrypted web.config, what should I do if we want to migrate to other server, what is the correct step :
- simply copy the encrypted web.config into new server

or

- copy the plain web.config then rerun those 2 commands on the new server?

the issue the we are facing : In our client, we are not allowed to execute those 2 command on the new server.

Kindly advise. thanks
ASPASP.NETMicrosoft IIS Web Server

Avatar of undefined
Last Comment
softbless

8/22/2022 - Mon
Brad Howe

Hi,

By default the server will autogenerate its own machine key which makes them unique and .NET uses it to encrypt the web.config sections.

To use encrypted sections across servers, you would need to include a generated machine key in your web.config.  This is what administrators using in clusters or webfarms.

See WebFarm Deployment considerations.
http://msdn.microsoft.com/en-us/library/ff649308.aspx

You can also generate a unique key here using this webtool.
http://aspnetresources.com/tools/machineKey

In my opinion, I would simply add the machinekey validation and decryption keys to allow .net to decode your encrypted sections on the fly.

Cheers,
Hades666
softbless

ASKER
Hi,

Can u give step by step how to do it?

It would be very helpful for me.

I've tried to read the resources, but I'm stil confused.
ASKER CERTIFIED SOLUTION
Brad Howe

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
softbless

ASKER
Hi Hades,

I've read your URL.

The problem is we are not allowed to execute script in production server.

So we cannot do Step 10 below :

Step 10 : On the destination server, run the following command from a command prompt to import the custom RSA encryption keys: aspnet_regiis -pi "CustomKeys" "C:\CustomKeys.xml"

Do you know the other alternative so we don't need to do the step 10?
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Brad Howe

Nope. With out access to the registry or aspnet, I don't know of a way other then keeping it unencrypted.

Sorry.
Hades666
softbless

ASKER
thanks