Read appSettings encrypted Web.config

Navigation
0

In an application that uses classic asp, I have a key called connection:asp30 and another call connection:asp60 . This application has several asp and other aspx pages.

I encrypted Web.config at the request of a client, use:

  

aspnet_regiis.exe -pef "appSettings" "D: \ Users \ rafael.barbosa \ Desktop \ Application-5.0" -prov "DataProtectionConfigurationProvider"

Okay.

.asp connections use connection:asp30 and .aspx connections use connection:asp60

When encrypted, the .aspx connections continued to run regularly, however .asp stopped working.

The .asp connection works as follows: 

  strConexao = GetXmlProp("connection:asp30", "")
  gstrConn = strConexao

  Set rst = Server.CreateObject("ADODB.Recordset")
  Set rstConf = Server.CreateObject("ADODB.Recordset")
  Set objConnection =  Server.CreateObject("ADODB.Connection")
  objConnection.Open gstrConn

Being the function: 

Function GetXmlProp(propName, stdvalue) Dim Node Dim cfgFile   Dim fso
      If IsEmpty(objXMLCfg) Or IsNull(objXMLCfg)  Then

    'determinar web.config
    cfgFile = Session("ApplicationRootPath") & "\web.config"

    Set fso = Server.CreateObject("Scripting.FileSystemObject")
        If Not fso.FileExists(cfgFile) Then       Response.Write "Atenção: arquivo " & cfgFile & " não encontrado."     End If
        Set fso = Nothing

    Set objXMLCfg = Server.CreateObject("Microsoft.XMLDOM")
    objXMLCfg.Async = False
    objXMLCfg.Load(cfgFile)   
           End If    
    Set Node = objXMLCfg.documentElement.selectSingleNode("/configuration/appSettings/add[@key='" & propName & "']")
     If Not Node Is Nothing Then
    GetXmlProp = Node.getAttribute("value")   Else
    GetXmlProp = stdvalue   End If
     End Function

What can I do to make my Web.config understood and the application also access the database in the .asp layer?

    
asked by anonymous 28.12.2015 / 17:38

1 answer

3

Once the file has been encrypted you can no longer access this "prov" section by ASP.

To solve your problem, and to make your client happy, I would use some Encrypter / Decrypter in ASP and put the encrypted connection string in another session in your web.config (a different path than the "prov") that did not pass through aspnet_regiis.

That is, your ASP would use its own encryption and its connection string would not be visible to anyone reading directly from the web.config file.

If the client does not like this solution, you can login through aspx, give a redirect to an asp, passing that connection string to a session variable and using it on the ASP side.

    
04.01.2016 / 15:29
How to configure jquery.maskedinput to accept only valid dates? How to know which activity is open, running?