Encrypting elmah section of web.config file

0
votes

How can I encrypt the elmah section of my web.config file, so the SMTP server & login information is protected?

I've learned how to encrypt the connection strings, appSettings and other sections; using code or aspnet_regiis.exe.

However, when I try and encrypt the section, it tells me the section is not found.

Is there a trick to encrypting it?

Thanks, +M

2
encryptionweb-configelmah

2 Answers

1
votes

The information above is correct (that you need to target the "errorMail" or specific sub-section of the elmah group). However, the solution is more code than needed...

Here's a cleaner solution using just "elmah/errorMail". Solution:

string section = "elmah/errorMail";

Configuration config = WebConfigurationManager.OpenWebConfiguration(HttpRuntime.AppDomainAppVirtualPath);
// Let's work with the section 
ConfigurationSection configsection = config.GetSection(section);
if (configsection != null)
    // Only encrypt the section if it is not already protected
    if (!configsection.SectionInformation.IsProtected)
    {
        // Encrypt the <connectionStrings> section using the 
        // DataProtectionConfigurationProvider provider
        configsection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        config.Save();
    }
0
votes

I tried using aspnet_regiis but had trouble specifying the section path. Switching to a code based approach, I enumerated the sections & learned there are SectionGroups, that only Sections can be encrypted, and that Elmah is a SectionGroup, so I need to encrypt the errorMail section under the elmah SectionGroup. I know a little more than yesterday.

This is the snippet, if it's useful to someone else down the line, from global.asax.cs:

    private static void ToggleWebEncrypt(bool Encrypt)
    {
        // Open the Web.config file.
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~");

        //.... (protect connection strings, etc)

        ConfigurationSectionGroup gpElmah = config.GetSectionGroup("elmah");
        if (gpElmah != null)
        {
            ConfigurationSection csElmah = gpElmah.Sections.Get("errorMail");
            ProtectSection(encrypted, csElmah);
        }

        //.... other stuff
        config.Save();

    }


    private static void ProtectSection(bool encrypted, ConfigurationSection sec)
    {
        if (sec == null)
            return;
        if (sec.SectionInformation.IsProtected && !encrypted)
            sec.SectionInformation.UnprotectSection();
        if (!sec.SectionInformation.IsProtected && encrypted)
            sec.SectionInformation.ProtectSection("CustomProvider");
    }