External app config and encryption of settings

Posted on 2016-09-30
Medium Priority
Last Modified: 2016-10-17
We have a number of applications and services that need to share an external app config file. The external file contains a configSection with information that we which to encrypt.
Each service and application resides in its own application folder, and that is where the problems begin to escalate.
In the App.config, external files can be referenced with either ‘configSource’ or ‘file’ attribute. ‘configSource’ cannot be used because the external config file does not reside in the app folder or in app sub folders. Threrefore we have to use the ‘file’ attribute.
<customSettings file=”path to setting”/>
The ‘customSettings’ configSection has been defined as followed:
    <section name="customSettings" type="System.Configuration.NameValueFileSectionHandler, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
I’m then trying to encrypt the configSection using code like this:
Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
ConfigurationSection section = config.GetSection("customSettings");

if (!section.SectionInformation.IsProtected)
Because I’m using the file attribute (I suspect). The config section is encrypted in App.config and the external file is not. What gets encrypted in App.config is just <customSettings file=”path to setting”/>. Which is pretty useless.

This means that the Individual applications and services cannot encrypt the external config file.
I then had the idea that I would place a small application residing in the same directory as the external config file. The purpose of this application was to encrypt the external config file by using ‘configSource’ attribute instead. This approach does not work at all. Nothing happens, and nothing is encrypted.

To investigate a little further I placed the ‘customSettings’ in the App.config and encrypted the section successfully. I then copied the encrypted data to the external file to test if encryption could work in the external config file. This works fine with the ‘configSource’ but throws an exception when using the ‘file’ attribute. Exception thrown: Unrecognized attribute 'configProtectionProvider'
Since we must use the ‘file’ attribute in the app.config I now have 2 problems.
1)      Cannot encrypt external file.
2)      If the external file is manually encrypted, I cannot read it using the ‘file’ attribute.
Question by:Thomas Koehrsen
1 Comment
LVL 20

Accepted Solution

Daniel Van Der Werken earned 2000 total points
ID: 41823596
Sorry. I'm not completely following. It appears you're attempting to store sensitive data in a file and read it programmatically, and you want to use the data within the app.

And the app.config is giving you troubles with this.

And you have multiple applications using the same app.config.

If it were me, I'd jump ship on the app.config usage idea and roll my own process.

1. Create a common file available in a location all applications have access. You can use the appSettings section of the app.config to point to the location of this file.

2. Encrypt the file with a common key stored in the app.config, or use the machine key for that system, or some other means.

3. Use standard C# encryption and decryption methods to encrypt/decrypt the information in the file using standard System.IO and System.Cryptography means.

4. Store the data in some pre-defined format. You can use XML or JSON or even just some format of your own like each line with bars (|) delimiting the info:


Then you can use the string.Split() method to read the expected data and parse it once the data has been decrypted using standard means.

Otherwise, I'm sorry, I don't have the experience or knowledge about the app.config usage to assist. I'm wondering if it might behoove you to move past that attempt as it seems you've run into a number of possible limitations already.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
This article describes and provides a custom-made tool I wrote to give businesses a means of identifying commercial music content, without having to expend too much effort. Business recordings are easily identified from possibly illegal music files …
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question