My new blog present here.

Featured Post

Insights into Sitecore Search: A Definitive Introduction

A key component of digital experience management is effective information retrieval. A simplified approach is required for websites, applications, and platforms containing a lot of material so that consumers can easily get the data they require. This need is met by Sitecore, a well-known name in the field of digital experience platforms (DXPs), which provides powerful and comprehensive search functionality. We will travel into the realm of Sitecore Search in this article, learning about its capabilities, architecture , and the enormous value it offers both developers and end users. Introduction to Sitecore Search    A headless content discovery platform powered by AI , Sitecore Search enables you to build predictive and custom search experiences across various content sources. To extract and ...
Post a Comment

Encrypting Web.Config

Encrypting Web.Config using RSAProtectedConfigurationProvider in SharePoint

Overview:

One of the most common uses of the protected configuration is to encrypt connection strings in web.confg (that's one of the reasons for creating a separate tag for connection strings instead of adding it in appSettings tag). Adding this connection string as plain text is not the best practice for sharepoint web application security and this might cause serious hacking problems. Sharepoint also support for encrypting and decrypting configuration sections in web.config file. In this article, we will explore how to encrypt and decrypt sections of the web.config. We can encrypt the configuration sections by using two built-in providers: DPAPI (Windows Data Protection API) Provider or the RSA provider. The RSA provider (default) uses an RSA key which holds public and private keys, where as the DPAPI provider uses built-in machine-specific key. Let us explore the steps required to encrypt the sections using RSA.

Below are steps in detail:

Step 1: Add a web.config file to the project. Right click the project > Add New Item > Web Configuration File
Step 2: To create the custom configuration section in Web.Config file please create the custom class inherited from ConfigurationSection class.


using System;
using System.Collections.Generic;
using System.Text;
using System.Configuration;
using System.Web.Configuration;

namespace AmitKumar.GeneralSite.Web.UI
{
    class CustomUpdateProfileSection : ConfigurationSection
    {
        private static CustomUpdateProfileSection settings = ConfigurationManager.GetSection("CustomUpdateProfileSection") as CustomUpdateProfileSection;
        public static CustomUpdateProfileSection Settings
        {
            get
            {
                return settings;
            }
        }
        [ConfigurationProperty("UpdateProfileUserDomain", DefaultValue = "v4", IsRequired = true)]
        public string UpdateProfileUserDomain
        {
            get { return (string)this["UpdateProfileUserDomain"]; }
            set { this["UpdateProfileUserDomain"] = value; }
        }

        [ConfigurationProperty("UpdateProfileUserName", IsRequired = true)]
        public string UpdateProfileUserName
        {
            get { return (string)this["UpdateProfileUserName"]; }
            set { this["UpdateProfileUserName"] = value; }
        }
        [ConfigurationProperty("UpdateProfileUserPassword", IsRequired = true)]
        public string UpdateProfileUserPassword
        {
            get { return (string)this["UpdateProfileUserPassword"]; }
            set { this["UpdateProfileUserPassword"] = value; }
        }

    }
}


Step 3: Sign the assembly with the strong name and deploy in the GAC.
Step 4: Define the custom section in the Web.Config file



Note: "AmitKumar.Web.UI.CustomUpdateProfileSection" is the name of the class. "AmitKumar" is the name of the Assembly.
Step 5: Now add two buttons to the page, called btnEncrypt and btnDecrypt. We will use these buttons to encrypt and decrypt the sections of the web.config file. Add the following code in the button click event of the two buttons:


public void btnEncrypt_OnClick(object sender, EventArgs e)
{
    try
    {
        System.Configuration.Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection objSection = config.GetSection("CustomUpdateProfileSection");
        if ((config != null) && (!objSection.SectionInformation.IsProtected))
        {
            if (!objSection.ElementInformation.IsLocked)
            {
                objSection.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
                config.Save();
                this.lblCustomError.Visible = false;
                this.lblSuccess.Text = "Successfully Encrypted, Kindly check the Web.Config file.";
                this.lblSuccess.Visible = true;
            }                
        }         
             
    }
    catch (Exception ex)
    {
        string strErrorMsg = "Error, DateTime :" + DateTime.Now.ToLongTimeString() + ", Error : " + ex.Message.ToString() + ", Stack Trace : " + ex.StackTrace.ToString();
        this.lblCustomError.Text = strErrorMsg;
        this.lblCustomError.Visible = true;
    }
}

public void btnDecrypt_OnClick(object sender, EventArgs e)
{
    try
    {
        System.Configuration.Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection objSection = objConfig.GetSection("CustomUpdateProfileSection");
        if (objConfig != null && objSection.SectionInformation.IsProtected)
        {
            if (!objSection.ElementInformation.IsLocked)
            {
                objSection.SectionInformation.UnprotectSection();
                objConfig.Save();
                this.lblCustomError.Visible = false;
                this.lblSuccess.Text = "Successfully Decrypted, Kindly check the Web.Config file.";
                this.lblSuccess.Visible = true;
            }                 
        }              
             
    }
    catch (Exception ex)
    {
        string strErrorMsg = "Error, DateTime :" + DateTime.Now.ToLongTimeString() + ", Error : " + ex.Message.ToString() + ", Stack Trace : " + ex.StackTrace.ToString();
        this.lblCustomError.Text = strErrorMsg;
        this.lblCustomError.Visible = true;
    }
}

Comments

Post a Comment

Popular posts from this blog

Sitecore GraphQL Queries

Image
This article will provide the details about Sitecore GraphQL queries usage and how it will be useful in creating Sitecore projects especially Sitecore JSS projects. The topics covered under this Sitecore GraphQL article are: •    Overview of Sitecore GraphQL (GQL) •    Setup GraphQL (GQL) in Sitecore •    Usage of Sitecore GraphQL (GQL) in Sitecore JSS •    GraphQL (GQL) Queries Usage         o   Get an item by path and show field id and name       o   Return the name and value from all fields       o   Get the values of Treelist or Multilist field type       o   Get the template field details with values of current item       o   Get the field values using Aliases       o   Return a specific field with Alias ...
Read more

Sitecore Experience Manager Cloud (XM Cloud) Building blocks

Image
Sitecore Experience Manager Cloud, or XM Cloud is a game-changing force in the field of digital experience management in the age of cloud computing. We must identify the fundamental components that make up this cutting-edge platform in order to fully appreciate its capabilities. Join us as we dissect the fundamental elements that make up the Sitecore Experience Manager Cloud (or XM Cloud) architecture and investigate how they work together to produce a dynamic, scalable, and customized digital experience environment. Sitecore XM Cloud Overview    The SaaS enterprise-ready , cloud-native CMS from Sitecore called the Experience Manager Cloud (XM Cloud) allows for the creation of content only once and delivers it to every channel for exceptional client experiences. Developers and marketers can q...
Read more

Configuring Sitecore Next.js Headless SXA Multisite App in a Sitecore Container

Image
Leading digital experience platform Sitecore offers strong capabilities for developing reliable websites and applications. The headless CMS and Jamstack architecture trends have been very popular in recent years. Sitecore provides Headless SXA (Sitecore Experience Accelerator) as a solution to decouple the front-end presentation layer from the content management capabilities since it recognizes the value of headless capabilities. In this article, we will guide you through the process of configuring a Sitecore Next.js multisite app and integrating it with Headless SXA in a Sitecore container. This setup allows you to leverage the benefits of Next.js, a popular React framework for server-side rendering, and the flexibility of Headless SXA for managing and delivering content. Table of Contents Step 1: Set Up the Sitecore Container Step 2: Add support for Sitecore SXA in Sitecore Headless Container setup St...
Read more