My new blog present here.

Featured Post

Insights into Sitecore Search: A Definitive Introduction

A key component of digital experience management is effective information retrieval. A simplified approach is required for websites, applications, and platforms containing a lot of material so that consumers can easily get the data they require. This need is met by Sitecore, a well-known name in the field of digital experience platforms (DXPs), which provides powerful and comprehensive search functionality. We will travel into the realm of Sitecore Search in this article, learning about its capabilities, architecture , and the enormous value it offers both developers and end users. Introduction to Sitecore Search    A headless content discovery platform powered by AI , Sitecore Search enables you to build predictive and custom search experiences across various content sources. To extract and index you

Encrypting Web.Config

Encrypting Web.Config using RSAProtectedConfigurationProvider in SharePoint

Overview:

One of the most common uses of the protected configuration is to encrypt connection strings in web.confg (that's one of the reasons for creating a separate tag for connection strings instead of adding it in appSettings tag). Adding this connection string as plain text is not the best practice for sharepoint web application security and this might cause serious hacking problems. Sharepoint also support for encrypting and decrypting configuration sections in web.config file. In this article, we will explore how to encrypt and decrypt sections of the web.config. We can encrypt the configuration sections by using two built-in providers: DPAPI (Windows Data Protection API) Provider or the RSA provider. The RSA provider (default) uses an RSA key which holds public and private keys, where as the DPAPI provider uses built-in machine-specific key. Let us explore the steps required to encrypt the sections using RSA.

Below are steps in detail:

Step 1: Add a web.config file to the project. Right click the project > Add New Item > Web Configuration File
Step 2: To create the custom configuration section in Web.Config file please create the custom class inherited from ConfigurationSection class.


using System;
using System.Collections.Generic;
using System.Text;
using System.Configuration;
using System.Web.Configuration;

namespace AmitKumar.GeneralSite.Web.UI
{
class CustomUpdateProfileSection : ConfigurationSection
{
private static CustomUpdateProfileSection settings = ConfigurationManager.GetSection("CustomUpdateProfileSection") as CustomUpdateProfileSection;
public static CustomUpdateProfileSection Settings
{
get
{
return settings;
}
}
[ConfigurationProperty("UpdateProfileUserDomain", DefaultValue = "v4", IsRequired = true)]
public string UpdateProfileUserDomain
{
get { return (string)this["UpdateProfileUserDomain"]; }
set { this["UpdateProfileUserDomain"] = value; }
}

[ConfigurationProperty("UpdateProfileUserName", IsRequired = true)]
public string UpdateProfileUserName
{
get { return (string)this["UpdateProfileUserName"]; }
set { this["UpdateProfileUserName"] = value; }
}
[ConfigurationProperty("UpdateProfileUserPassword", IsRequired = true)]
public string UpdateProfileUserPassword
{
get { return (string)this["UpdateProfileUserPassword"]; }
set { this["UpdateProfileUserPassword"] = value; }
}

}
}


Step 3: Sign the assembly with the strong name and deploy in the GAC.
Step 4: Define the custom section in the Web.Config file










Note: "AmitKumar.Web.UI.CustomUpdateProfileSection" is the name of the class. "AmitKumar" is the name of the Assembly.
Step 5: Now add two buttons to the page, called btnEncrypt and btnDecrypt. We will use these buttons to encrypt and decrypt the sections of the web.config file. Add the following code in the button click event of the two buttons:


public void btnEncrypt_OnClick(object sender, EventArgs e)
{
try
{
System.Configuration.Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection objSection = config.GetSection("CustomUpdateProfileSection");
if ((config != null) && (!objSection.SectionInformation.IsProtected))
{
if (!objSection.ElementInformation.IsLocked)
{
objSection.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
config.Save();
this.lblCustomError.Visible = false;
this.lblSuccess.Text = "Successfully Encrypted, Kindly check the Web.Config file.";
this.lblSuccess.Visible = true;
}
}

}
catch (Exception ex)
{
string strErrorMsg = "Error, DateTime :" + DateTime.Now.ToLongTimeString() + ", Error : " + ex.Message.ToString() + ", Stack Trace : " + ex.StackTrace.ToString();
this.lblCustomError.Text = strErrorMsg;
this.lblCustomError.Visible = true;
}
}

public void btnDecrypt_OnClick(object sender, EventArgs e)
{
try
{
System.Configuration.Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection objSection = objConfig.GetSection("CustomUpdateProfileSection");
if (objConfig != null && objSection.SectionInformation.IsProtected)
{
if (!objSection.ElementInformation.IsLocked)
{
objSection.SectionInformation.UnprotectSection();
objConfig.Save();
this.lblCustomError.Visible = false;
this.lblSuccess.Text = "Successfully Decrypted, Kindly check the Web.Config file.";
this.lblSuccess.Visible = true;
}
}

}
catch (Exception ex)
{
string strErrorMsg = "Error, DateTime :" + DateTime.Now.ToLongTimeString() + ", Error : " + ex.Message.ToString() + ", Stack Trace : " + ex.StackTrace.ToString();
this.lblCustomError.Text = strErrorMsg;
this.lblCustomError.Visible = true;
}
}

Comments

Popular posts from this blog

Sitecore GraphQL Queries

Twenty 20 Masti:

Sitecore Experience Edge GraphQL Queries