DonovanV
asked on
Why does saving application settings in a C# application generate App.config.config?
I'm currently working out how to use the .net application settings infrastructure in C#. I've implemented a code snippet I received from: http://msdn.microsoft.com/ en-us/libr ary/ms2544 94(v=vs.11 0).aspx
The code is as follows:
The App.config looks like this:
What I don't understand is why issuing the config.save(); command saves the application settings into the App.config.config file instead of the App.config file its self. Does anyone know why?
The code is as follows:
public void ToggleConfigEncryption(string exeConfigName)
{
// Takes the executable file name without the
// .config extension.
try
{
// Open the configuration file and retrieve
// the connectionStrings section.
Configuration config = ConfigurationManager.
OpenExeConfiguration(exeConfigName);
ConnectionStringsSection section =
config.GetSection("connectionStrings")
as ConnectionStringsSection;
if (section.SectionInformation.IsProtected)
{
// Remove encryption.
section.SectionInformation.UnprotectSection();
}
else
{
// Encrypt the section.
section.SectionInformation.ProtectSection(
"DataProtectionConfigurationProvider");
}
// Save the current configuration.
config.Save();
Console.WriteLine("Protected={0}",
section.SectionInformation.IsProtected);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
The App.config looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
</configSections>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<connectionStrings>
<clear />
<add name="SQL"
providerName ="System.Data.SqlClient"
connectionString ="Server=MyServer; Database=MyDB; User Id=sa; Password=Password;"/>
</connectionStrings>
</configuration>
What I don't understand is why issuing the config.save(); command saves the application settings into the App.config.config file instead of the App.config file its self. Does anyone know why?
ASKER
Oops, I forgot to list my input. I've tested passing both "MyAppName.exe" and "App.config" into the ToggleConfigEncryption procedure. The result I described was from passing "App.config". When I pass "MyAppName.exe" into that procedure the result is a file named "MyAppName.exe.config". In both cases the connection string I'm trying to protect is left unencrypted in the App.config file.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I strongly agree with Jacques Bourgeois (James Burger).
During testing the file being edited it located in the bin/Debug folder and as noted will be named MyAppName.exe.config
When you distribute the app you will need to ensure it is not encrypted as the encryption is machine specific and another machine will not have the appropriate keys needed to decrypt the string.
http://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file
When you distribute the app you will need to ensure it is not encrypted as the encryption is machine specific and another machine will not have the appropriate keys needed to decrypt the string.
http://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file
ASKER
Jacques cleared up the exact confusion I had about how this system was supposed to work. I think it is important however to point out that Michael74's answer is very important to the concept of encrypting and deploying settings. Now that I know how the system works I know that the way I was trying to implement it would not have been workable in the end without having un-encrypted settings deployed with the app then cleaned up later, at the very least.
Place a break point on the code and check the value exeConfigName at runtime