DPAPI on Hosted Application?

Discussion in 'ASP.NET / ASP.NET Core' started by DaGmen, Feb 13, 2007.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. I have an ASP.Net application that uses Forms Authentication and ASP.Net Roles security. I am using the Microsoft DPAPI class library to encrypt/decrypt my connection strings in my web.config.
    I would like to know, if I use DiscountASP.Net to host my application will I be able to still use this encryption function? I am unable to use it with my current hosting provider?
    Also does DiscountASP.Net offer Dedicated Web servers to go along with the dedicated SQL servers?

    Thanks,
    DaGmen.
     
  2. Bruce

    Bruce DiscountASP.NET Staff

    I did some research and do not think you can use this API on our server (I doubt that you can use it on any shared service) because it requires the ASPNET user to have a profile on the server, i.e. you have to log in interactively at least once on the server.

    See http://www.obviex.com/samples/dpapi.aspx

    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
  3. I have implemented the DPAPI using User_Store method, on my local machine without any problems. I deployed my entire application to the discountasp.net server and now I get errors? It seems that DPAPI is NOT supported/allowed on hosted servers? What other options do I have for encrypting and decrypting my connection strings?


    Thanks.
     
  4. Bruce

    Bruce DiscountASP.NET Staff

  5. Thanks for trying to help, but I cancelled my account. This shared hosting is not suitable for my business.
     
  6. This is exactly the same problem I am having. I am guessing his problem is this:


    Access to the path 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\8j12nb5n.tmp' is denied.
    Which you get when you try to protect the section on web config. I use the very same encryption mechanism for mine.

    At this point I myself am a bit baffled as to what to do. I actually find it hard to believe that it should be so tough to encrypt configuration sections on a hosted environment. I've pretty much tried everything (everything one can do without access to key areas, which is understandable).

    I am still researching this problem but certainly if you know how to effectively encrypt web.config on a shared environment please, let us know because 99.9% of everything you can find on MS or other KB sites miserably fails to mention shared hosting. One would think this is a tried requirement for everyone...

    thanks
    Madvox
     
  7.  
  8. I hear you say this (or read what you say)... and you can't imagine how many times I have asked myself the same question. I don't blame DASP because this happens on any other shared hosting environment. But like we said, there should be a straightforward solution rather than try to circumvent all these barriers. I mean what's the point of providing an encryption API if it requires admin permissions to run?

    The thing is, there are solutions that we could use but they are not good. If you were to write your own encryption provider (which I did already) then you could handle it from within your classes. But if you also have membership and security services implemented for .NET then you've got to get those talking to your provider as well which completely defeats the purpose of having default security providers.

    Well, let me say this... I will put another 24 hours into finding a solution. Perhaps DASP has encountered this problem before and has some advice. It is hard to believe also that none of the other .NET sites here are protecting their config data. Perhaps someone could share their two cents with us. I, like you, do not want to leave my config data open as much as I really like how everything else is working.

    Madvox
     
  9. Bruce

    Bruce DiscountASP.NET Staff

    We have done some research on this topic and I don't think it is possible to get this to work on a shared hosting environment. Personally, I don't understand why MSFT has designed the API to work this way but it seems like there is no option to configure this.

    Although it is not absolutely secure to keep plain text information in web.config, it is relatively secure because

    1) User cannot access your web.config over HTTP (IIS blocks this)

    2) Other users on the same server cannot access your web.config over file system. We configure each website to run in its own identity which prohibits other users from accessing other directories programmatically.


    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
  10. Thanks Bruce.


    I am also still researching this topic from a development perspective, but for now, I will keep web.config open since everything else is working very well.


    Madvox
     
  11. Bruce

    Bruce DiscountASP.NET Staff

    Let us know what you find out. I have a personal interest in knowing how to resolve this.


    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
  12. I'm also experiencing this and possibly had some insight. Looking at this article http://msdn2.microsoft.com/en-us/library/dtkwfdky(VS.80).aspx it appears that the ASP.NET identity, which is likely "NT AUTHORITY\NETWORK SERVICE" needs read access to the default DPAPI or RSA key containers (the default one is named NetFrameworkConfigurationKey), which it likely doesn't have. Is it okay for webhost providers to run:
    aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"

    On all their servers? This would allow the apps to function normally I believe ...

    Thanks
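
Added example, not part of any post in this thread and not DiscountASP.NET's code: a probe that runs inside the ASP.NET application and reports whether the worker identity can protect the connectionStrings section with either default protected-configuration provider. The class and method names are hypothetical; the two provider names are the defaults registered in machine.config.

```csharp
using System;
using System.Configuration;
using System.Text;
using System.Web;
using System.Web.Configuration;

// Hypothetical helper: call it from a page or handler that only an administrator can reach.
public static class ConfigProtectionProbe
{
    static readonly string[] Providers =
    {
        "RsaProtectedConfigurationProvider",   // needs read access to the RSA key container
        "DataProtectionConfigurationProvider"  // DPAPI
    };

    // Returns the provider now protecting the section, or null if every attempt failed.
    // 'report' carries exception types and messages only, never connection string values.
    public static string ProtectConnectionStrings(out string report)
    {
        var log = new StringBuilder();
        foreach (string provider in Providers)
        {
            try
            {
                // Open this application's own web.config, not the machine-level files.
                Configuration config =
                    WebConfigurationManager.OpenWebConfiguration(HttpRuntime.AppDomainAppVirtualPath);
                ConfigurationSection section = config.GetSection("connectionStrings");
                if (section.SectionInformation.IsProtected)
                {
                    report = "Section is already protected.";
                    return section.SectionInformation.ProtectionProvider.Name;
                }
                section.SectionInformation.ProtectSection(provider);
                section.SectionInformation.ForceSave = true;
                config.Save(ConfigurationSaveMode.Modified); // needs write access to the site folder
                log.AppendLine(provider + ": protected and saved");
                report = log.ToString();
                return provider;
            }
            catch (Exception ex) // e.g. no access to the key container, or a denied file write
            {
                log.AppendLine(provider + ": " + ex.GetType().Name + ": " + ex.Message);
            }
        }
        report = log.ToString();
        return null;
    }
}
```

Keys held in a machine-level store are shared by the whole server, so a section protected this way is guarded against file disclosure but not against other code on that host that has been granted access to the same key.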
     