0
votes

I am using a PowerShell script to automatically encrypt certain sections of my web.config after deploying my WebApplication using Release Management. In this PowerShell script I make use of aspnet_regiis.exe to perform the encryption for me as follows:

$AspNetRegIisLocation = "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
& $AspNetRegIisLocation -pef $configSection $configPath

$configSection and $configPath are correctly defined, as the encryption is working successfully. Sadly it causes the euro sign in one of the unencrypted sections to be corrupted from <sharedSettings currencyFormat="{0:€ #,##0}" /> to <sharedSettings currencyFormat="{0:€ #,##0}" />.

I have tried escaping the euro sign as &#8364; and setting the encoding="utf-8" both on and off at the top of my web.config. Neither of those solutions worked and I'm at a bit of a loss what I can do to prevent this from occurring again, apart from making the script copy all the sections prior to encrypting and reinserting the unencrypted sections afterwards.

edit: When this section is also encrypted, the displayed text on the website is also 'corrupted', which means that the solution of 'insert the unencrypted sections later' would not solve the case where the problem occurs in an encrypted section.


1 Answers

0
votes

Turns out the issue wasn't with the use of aspnet_regiis but in the method of reading in the web.config in my PowerShell before using it.

aspnet_regiis requires a work-around to encrypt custom config sections if their type resides in a DLL not loaded in the GAC; you need to temporarily remove or comment out the configSections element they were defined in.

Sadly I used [xml](Get-Content $webConfigLocation) to read in the web.config (which hasn't caused trouble before, which is why I mistakenly blamed aspnet_regiis). Instead I should have used $configXml = [xml](Get-Content -Encoding UTF8 $webConfigLocation) to force it to use UTF-8 encoding.

The script would then remove the configSections element with the sections that had to be encrypted and save it, corrupting the euro sign in the process. After encrypting the config sections with aspnet_regiis it would read the web.config again, insert the previously removed elements, and then finally save it, causing an extra iteration of corruption.

Just in case anyone ever makes a similar stupid mistake, this answer can provide them with a possible solution.
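The read-path difference described in the answer, as an added example that is not part of the original post: it writes a constructed BOM-less UTF-8 web.config to a temp file, reads it three ways, and refuses to continue to the encryption step if the euro sign did not survive. The sample file name, the `Test-EuroIntact` helper and the use of `XmlDocument.Load` as a third reader are assumptions added here.

```powershell
# Build the euro sign from its code point so this script's own file encoding cannot corrupt it.
$euro = [char]0x20AC

# Constructed sample: a minimal web.config saved as UTF-8 without a BOM.
$path = Join-Path ([IO.Path]::GetTempPath()) 'web.sample.config'
$sample = @"
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <sharedSettings currencyFormat="{0:$euro #,##0}" />
</configuration>
"@
[IO.File]::WriteAllText($path, $sample, (New-Object Text.UTF8Encoding($false)))

# Hypothetical helper: does the attribute still contain a real euro sign?
function Test-EuroIntact([xml]$Doc) {
    $value = $Doc.configuration.sharedSettings.currencyFormat
    return ($value.IndexOf($euro) -ge 0)
}

# 1. The read from the original script. Windows PowerShell 5.1 decodes a BOM-less
#    file with the system ANSI code page; PowerShell 7 defaults to UTF-8.
$default = [xml](Get-Content $path)

# 2. The fix from the answer: force UTF-8 decoding.
$forced = [xml](Get-Content -Encoding UTF8 $path)

# 3. Let the XML parser pick the encoding from the BOM or the XML declaration.
$loaded = New-Object System.Xml.XmlDocument
$loaded.Load($path)

[pscustomobject]@{
    DefaultGetContent = Test-EuroIntact $default
    GetContentUtf8    = Test-EuroIntact $forced
    XmlDocumentLoad   = Test-EuroIntact $loaded
} | Format-List

# Save writes with the encoding named in the XML declaration. Re-read and verify
# before handing the file to aspnet_regiis, so a corrupted config is never encrypted.
$loaded.Save($path)
$check = New-Object System.Xml.XmlDocument
$check.Load($path)
if (-not (Test-EuroIntact $check)) {
    throw "web.config lost non-ASCII characters during the round trip; aborting before encryption."
}
# Safe to continue here with: & $AspNetRegIisLocation -pef $configSection $configPath

Remove-Item $path
```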