softbless
asked on
migrate web.config to another server
I encrypt the web.config file for my asp.net application using this command :
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\applic
aspnet_regiis.exe -pef "appSettings" "C:\Inetpub\wwwroot\applic
And we got the web.config ecnrypted perfectly.
Regarding the encrypted web.config, what should I do if we want to migrate to other server, what is the correct step :
- simply copy the encrypted web.config into new server
or
- copy the plain web.config then rerun those 2 commands on the new server?
the issue the we are facing : In our client, we are not allowed to execute those 2 command on the new server.
Kindly advise. thanks
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\applic
aspnet_regiis.exe -pef "appSettings" "C:\Inetpub\wwwroot\applic
And we got the web.config ecnrypted perfectly.
Regarding the encrypted web.config, what should I do if we want to migrate to other server, what is the correct step :
- simply copy the encrypted web.config into new server
or
- copy the plain web.config then rerun those 2 commands on the new server?
the issue the we are facing : In our client, we are not allowed to execute those 2 command on the new server.
Kindly advise. thanks
ASKER
Hi,
Can u give step by step how to do it?
It would be very helpful for me.
I've tried to read the resources, but I'm stil confused.
Can u give step by step how to do it?
It would be very helpful for me.
I've tried to read the resources, but I'm stil confused.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Hades,
I've read your URL.
The problem is we are not allowed to execute script in production server.
So we cannot do Step 10 below :
Step 10 : On the destination server, run the following command from a command prompt to import the custom RSA encryption keys: aspnet_regiis -pi "CustomKeys" "C:\CustomKeys.xml"
Do you know the other alternative so we don't need to do the step 10?
I've read your URL.
The problem is we are not allowed to execute script in production server.
So we cannot do Step 10 below :
Step 10 : On the destination server, run the following command from a command prompt to import the custom RSA encryption keys: aspnet_regiis -pi "CustomKeys" "C:\CustomKeys.xml"
Do you know the other alternative so we don't need to do the step 10?
Nope. With out access to the registry or aspnet, I don't know of a way other then keeping it unencrypted.
Sorry.
Hades666
Sorry.
Hades666
ASKER
thanks
By default the server will autogenerate its own machine key which makes them unique and .NET uses it to encrypt the web.config sections.
To use encrypted sections across servers, you would need to include a generated machine key in your web.config. This is what administrators using in clusters or webfarms.
See WebFarm Deployment considerations.
http://msdn.microsoft.com/en-us/library/ff649308.aspx
You can also generate a unique key here using this webtool.
http://aspnetresources.com/tools/machineKey
In my opinion, I would simply add the machinekey validation and decryption keys to allow .net to decode your encrypted sections on the fly.
Cheers,
Hades666