We are deploying a client app and need to encrypt the system.serviceModel configuration group. I have been searching on StackOverflow for the better part of the day for the best way to do this and most responses have either been "rename app.config to web.config, encrypt with the ASP.NET utility, and deploy" or "override the install method to protect the sections".

We are using ClickOnce, so the app is installed on a per-user basis, so we'll probably use DPAPI per user.

I know how to encrypt/unencrypt sections via Protect/Unprotect section but I can't figure out the best place to call these.

Some shots in the dark:

  • Call protect on install, unprotect on app launch, and protect on app close.
  • Call protect on install, unprotect is automagically done. This confuses me as I cannot find the underlying ways that DPAPI does its magic and I don't trust something I don't understand.

+1  A: 

Why do you need to specifically "unprotect" on app launch? .NET will transparently decrypt those entries for you.

So basically:

  • encrypt on install on that machine that the file is going to reside on
  • use it just like always!

There's no need to keep decrypting the .NET configuration sections - .NET will do this as needed. This way, you can leave your MyApp.exe.config fully or partially encrypted, on disk, and only in memory, you'll have some entries that are decrypted.

Check out Jon Galloway's blog post on the topic.

marc_s
Basically what I wanted to know was how DPAPI did its magic and how to make sure the magic worked for me. The link was very helpful. It is mistyped though, you pasted twice :) I debugged it... http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx
Nate Noonen
@Nate Noonen: thanks - fixed the link
marc_s
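
One way to do the "encrypt once, then use it like always" step from the answer, as an added example that is not code from the original posts. `system.serviceModel` is a section group, and `ProtectSection` works on individual sections, so each child section present in the file is protected separately. `ConfigProtector` and `ProtectServiceModel` are hypothetical names, and calling the method at start-up before any WCF client is created is an assumption.

```csharp
using System.Configuration;

static class ConfigProtector
{
    // Built-in DPAPI provider name registered in machine.config.
    // It uses machine scope by default; per-user scope needs a provider
    // registered under <configProtectedData> with useMachineProtection="false",
    // whose name is then passed in instead of this default.
    const string DefaultProvider = "DataProtectionConfigurationProvider";

    // Encrypts every system.serviceModel section that is present in
    // MyApp.exe.config and still plaintext. Safe to call on every launch:
    // already-protected sections are skipped. Returns the number of
    // sections newly protected.
    public static int ProtectServiceModel(string providerName = DefaultProvider)
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSectionGroup group = config.GetSectionGroup("system.serviceModel");
        if (group == null)
            return 0;

        int changed = 0;
        foreach (string name in group.Sections.Keys)
        {
            ConfigurationSection section = group.Sections[name];
            SectionInformation info = section.SectionInformation;

            // Skip sections inherited from machine.config but absent from this
            // file, sections that are locked, and sections already encrypted.
            if (!section.ElementInformation.IsPresent || info.IsLocked || info.IsProtected)
                continue;

            info.ProtectSection(providerName);
            info.ForceSave = true; // write the section even if its values did not change
            changed++;
        }

        if (changed > 0)
            config.Save(ConfigurationSaveMode.Modified);
        return changed;
    }
}
```

No matching unprotect call is needed at runtime: the configuration system decrypts protected sections in memory when they are read, and the file on disk stays encrypted.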