My new blog present here.

Featured Post

Insights into Sitecore Search: A Definitive Introduction

A key component of digital experience management is effective information retrieval. A simplified approach is required for websites, applications, and platforms containing a lot of material so that consumers can easily get the data they require. This need is met by Sitecore, a well-known name in the field of digital experience platforms (DXPs), which provides powerful and comprehensive search functionality. We will travel into the realm of Sitecore Search in this article, learning about its capabilities, architecture , and the enormous value it offers both developers and end users. Introduction to Sitecore Search    A headless content discovery platform powered by AI , Sitecore Search enables you to build predictive and custom search experiences across various content sources. To extract and ...
Post a Comment

Encrypting Web.Config using RSAProtectedConfigurationProvider in SharePoint Using C#

Encrypting Web.Config Values

Overview:

One of the most common uses of the protected configuration is to encrypt connection strings in web.confg (that's one of the reasons for creating a separate tag for connection strings instead of adding it in appSettings tag). Adding this connection string as plain text is not the best practice for sharepoint web application security and this might cause serious hacking problems. Sharepoint also support for encrypting and decrypting configuration sections in web.config file. In this article, we will explore how to encrypt and decrypt sections of the web.config. We can encrypt the configuration sections by using two built-in providers: DPAPI (Windows Data Protection API) Provider or the RSA provider.

The RSA provider (default) uses an RSA key which holds public and private keys, where as the DPAPI provider uses built-in machine-specific key. Let us explore the steps required to encrypt the sections using RSA.



Below are steps in detail.

Step 1: Add a web.config file to the project. Right click the project > Add New Item > Web Configuration File

Step 2: To create the custom configuration section in Web.Config file please create the custom class inherited from ConfigurationSection class.



using System;
using System.Collections.Generic;
using System.Text;
using System.Configuration;
using System.Web.Configuration;

namespace Amit.Kumar.GeneralSite.Web.UI
{
   class CustomUpdateProfileSection : ConfigurationSection
   {
       private static CustomUpdateProfileSection settings = ConfigurationManager.GetSection("CustomUpdateProfileSection") as CustomUpdateProfileSection;
       public static CustomUpdateProfileSection Settings
       {
           get
           {
               return settings;
           }
       }
       [ConfigurationProperty("UpdateProfileUserDomain", DefaultValue = "v4", IsRequired = true)]
       public string UpdateProfileUserDomain
       {
           get { return (string)this["UpdateProfileUserDomain"]; }
           set { this["UpdateProfileUserDomain"] = value; }
       }

       [ConfigurationProperty("UpdateProfileUserName", IsRequired = true)]
       public string UpdateProfileUserName
       {
           get { return (string)this["UpdateProfileUserName"]; }
           set { this["UpdateProfileUserName"] = value; }
       }
       [ConfigurationProperty("UpdateProfileUserPassword", IsRequired = true)]
       public string UpdateProfileUserPassword
       {
           get { return (string)this["UpdateProfileUserPassword"]; }
           set { this["UpdateProfileUserPassword"] = value; }
       }

   }
}




Step 3: Sign the assembly with the strong name and deploy in the GAC.

Step 4: Define the custom section in the Web.Config file


<configuration>
 <configSections>
   <section name="CustomUpdateProfileSection" type="Amit.Kumar.GeneralSite.Web.UI.CustomUpdateProfileSection, Amit.Kumar.GeneralSite, Version=3.0.0.0, Culture=neutral, PublicKeyToken=8b7a42e9b9b5355f" />
 </configSections>
 <CustomUpdateProfileSection UpdateProfileUserDomain="v4" UpdateProfileUserName="arpit" UpdateProfileUserPassword="pass" />
</configuration>


Note: "Amit.Kumar.GeneralSite.Web.UI.CustomUpdateProfileSection" is the name of the class. "Amit.Kumar.GeneralSite" is the name of the Assembly.

Step 5: Now add two buttons to the page, called btnEncrypt and btnDecrypt. We will use these buttons to encrypt and decrypt the sections of the web.config file. Add the following code in the button click event of the two buttons:



public void btnEncrypt_OnClick(object sender, EventArgs e)
{
   try
   {
       System.Configuration.Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
       ConfigurationSection objSection = config.GetSection("CustomUpdateProfileSection");
       if ((config != null) && (!objSection.SectionInformation.IsProtected))
       {
           if (!objSection.ElementInformation.IsLocked)
           {
               objSection.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
               config.Save();
               this.lblCustomError.Visible = false;
               this.lblSuccess.Text = "Successfully Encrypted, Kindly check the Web.Config file.";
               this.lblSuccess.Visible = true;
           }                
       }         
            
   }
   catch (Exception ex)
   {
       string strErrorMsg = "Error, DateTime :" + DateTime.Now.ToLongTimeString() + ", Error : " + ex.Message.ToString() + ", Stack Trace : " + ex.StackTrace.ToString();
       this.lblCustomError.Text = strErrorMsg;
       this.lblCustomError.Visible = true;
   }
}

public void btnDecrypt_OnClick(object sender, EventArgs e)
{
   try
   {
       System.Configuration.Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
       ConfigurationSection objSection = objConfig.GetSection("CustomUpdateProfileSection");
       if (objConfig != null && objSection.SectionInformation.IsProtected)
       {
           if (!objSection.ElementInformation.IsLocked)
           {
               objSection.SectionInformation.UnprotectSection();
               objConfig.Save();
               this.lblCustomError.Visible = false;
               this.lblSuccess.Text = "Successfully Decrypted, Kindly check the Web.Config file.";
               this.lblSuccess.Visible = true;
           }                 
       }              
            
   }
   catch (Exception ex)
   {
       string strErrorMsg = "Error, DateTime :" + DateTime.Now.ToLongTimeString() + ", Error : " + ex.Message.ToString() + ", Stack Trace : " + ex.StackTrace.ToString();
       this.lblCustomError.Text = strErrorMsg;
       this.lblCustomError.Visible = true;
   }
}

Comments

Post a Comment

Popular posts from this blog

Sitecore GraphQL Queries

Image
This article will provide the details about Sitecore GraphQL queries usage and how it will be useful in creating Sitecore projects especially Sitecore JSS projects. The topics covered under this Sitecore GraphQL article are: •    Overview of Sitecore GraphQL (GQL) •    Setup GraphQL (GQL) in Sitecore •    Usage of Sitecore GraphQL (GQL) in Sitecore JSS •    GraphQL (GQL) Queries Usage         o   Get an item by path and show field id and name       o   Return the name and value from all fields       o   Get the values of Treelist or Multilist field type       o   Get the template field details with values of current item       o   Get the field values using Aliases       o   Return a specific field with Alias ...
Read more

Sitecore Experience Manager Cloud (XM Cloud) Building blocks

Image
Sitecore Experience Manager Cloud, or XM Cloud is a game-changing force in the field of digital experience management in the age of cloud computing. We must identify the fundamental components that make up this cutting-edge platform in order to fully appreciate its capabilities. Join us as we dissect the fundamental elements that make up the Sitecore Experience Manager Cloud (or XM Cloud) architecture and investigate how they work together to produce a dynamic, scalable, and customized digital experience environment. Sitecore XM Cloud Overview    The SaaS enterprise-ready , cloud-native CMS from Sitecore called the Experience Manager Cloud (XM Cloud) allows for the creation of content only once and delivers it to every channel for exceptional client experiences. Developers and marketers can q...
Read more

Sitecore Experience Edge GraphQL Queries

Image
The Headless development in Sitecore is powered by a layer of services, API endpoints, and rendering SDKs: Services and API endpoints Sitecore Headless Services Sitecore Experience Edge for XM Rendering SDKs Sitecore ASP.NET Rendering SDK Sitecore JavaScript Rendering SDKs (JSS) In this article, we will explore about Sitecore scalable API layer called Sitecore Experience Edge which provides you a Sitecore-hosted GraphQL (GQL) API. With these Edge GraphQL (GQL) endpoint you can build your solution in any language and pull the required content with the help of GraphQL (GQL) . The major GraphQL APIs of Sitecore Experience Edge are: Preview API Delivery API You can check more details about these APIs at Type of Sitecore Experience Edge API . GraphQL is a query language for these APIs t...
Read more