Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Why does saving application settings in a C# application generate App.config.config?

Posted on 2014-12-18
6
347 Views
Last Modified: 2014-12-22
I'm currently working out how to use the .net application settings infrastructure in C#. I've implemented a code snippet I received from: http://msdn.microsoft.com/en-us/library/ms254494(v=vs.110).aspx

The code is as follows:
public void ToggleConfigEncryption(string exeConfigName)
        {
            // Takes the executable file name without the 
            // .config extension. 
            try
            {
                // Open the configuration file and retrieve  
                // the connectionStrings section.
                Configuration config = ConfigurationManager.
                    OpenExeConfiguration(exeConfigName);

                ConnectionStringsSection section =
                    config.GetSection("connectionStrings")
                    as ConnectionStringsSection;

                if (section.SectionInformation.IsProtected)
                {
                    // Remove encryption.
                    section.SectionInformation.UnprotectSection();
                }
                else
                {
                    // Encrypt the section.
                    section.SectionInformation.ProtectSection(
                        "DataProtectionConfigurationProvider");
                }
                // Save the current configuration.
                config.Save();

                Console.WriteLine("Protected={0}",
                    section.SectionInformation.IsProtected);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

Open in new window


The App.config looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <configSections>
    </configSections>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
  <connectionStrings>
    <clear />
    <add name="SQL"
         providerName ="System.Data.SqlClient"
         connectionString ="Server=MyServer; Database=MyDB; User Id=sa; Password=Password;"/>
  </connectionStrings>
</configuration>

Open in new window


What I don't understand is why issuing the config.save(); command saves the application settings into the App.config.config file instead of the App.config file its self. Does anyone know why?
0
Comment
Question by:DonovanV
6 Comments
 
LVL 23

Expert Comment

by:Michael74
ID: 40508462
Are you sure you are passing in the exe name without the .config extension?

Place a break point on the code and check the value exeConfigName at runtime
0
 

Author Comment

by:DonovanV
ID: 40509670
Oops, I forgot to list my input. I've tested passing both "MyAppName.exe" and "App.config" into the ToggleConfigEncryption procedure. The result I described was from passing "App.config". When I pass "MyAppName.exe" into that procedure the result is a file named "MyAppName.exe.config". In both cases the connection string I'm trying to protect is left unencrypted in the App.config file.
0
 
LVL 40

Accepted Solution

by:
Jacques Bourgeois (James Burger) earned 500 total points
ID: 40510464
This is normal. App.config is part of your source code. It is not distributed with your application, so it does not need to be encrypted.

The one that you distribute with your application is the MyAppName.exe.config, so this is the one that needs to be encrypted. That is why you need to pass MyAppName.exe as a parameter, so that the MyAppName.exe.config file is the one that is encrypted.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 16

Expert Comment

by:Vikram Singh Saini
ID: 40510533
I strongly agree with Jacques Bourgeois (James Burger).
0
 
LVL 23

Expert Comment

by:Michael74
ID: 40511057
During testing the file being edited it located in the bin/Debug folder and as noted will be named MyAppName.exe.config
When you distribute the app you will need to ensure it is not encrypted as the encryption is machine specific and another machine will not have the appropriate keys needed to decrypt the string.
http://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file
0
 

Author Closing Comment

by:DonovanV
ID: 40513428
Jacques cleared up the exact confusion I had about how this system was supposed to work. I think it is important however to point out that Michael74's answer is very important to the concept of encrypting and deploying settings. Now that I know how the system works I know that the way I was trying to implement it would not have been workable in the end without having un-encrypted settings deployed with the app then cleaned up later, at the very least.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary: Persistence is the capability of an application to store the state of objects and recover it when necessary. This article compares the two common types of serialization in aspects of data access, readability, and runtime cost. A ready-to…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question