App.config - encrypted section error:

Question

I have an application that encrypts a section in the configuration file. In the first time that I try to read the encrypted section from the config file I get an error message: "Unrecognized attribute 'configProtectionProvider'. Note that attribute names are case-sensitive. "

config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);  
// Get the section in the file.   
ConfigurationSection section = config.GetSection("EncryptedSection");


if (section != null)      
{           
    // Protect the section.
    section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
    section.SectionInformation.ForceSave = true;

    // Save the change.

    config.Save(ConfigurationSaveMode.Modified);  
}  
ConfigurationManager.RefreshSection("EncryptedSection");  
Properties.Settings.Default.Reset();

//This is the part where I read the encrypted section:

ConfigurationManager.RefreshSection("EncryptedSection");
System.Collections.IDictionary HSMMasterKeyConfig = (System.Collections.IDictionary)System.Configuration.ConfigurationManager.GetSection("EncryptedSection");

This only happens in the first time that I try to read the encrypted section. I have noticed that the .config file is getting updated immediately after the first save but from some reason I need to restart the application in order to use the encrypted section.

Answer 1

Have you read through this...

http://bytes.com/groups/net/521818-configurationerrorexception-when-reading-protected-config-section

... as it appears to be a conversation involving an MSFT support engineer that directly maps to your situation.

Answer 2

Try this: http://blog.whconsult.com/2009/04/07/UnrecognizedAttributeConfigProtectionProvider.aspx

Answer 3

The best way to do this will be to encrypt the app.config sections during installation only. Add an installer class to your project and override the Install method in the class. In this method you should perform the Encryption. You must call base.Install at the end of your overridden Install method. In the Setup Project goto Custom Actions and locate the Install custom action to be pointed with Your Project output [exe or assembly] which contains the definition of your Installer class implementation. This way it will Encrypt your app.Config sections during an installation straight and you will not face this problem. The application will automatically use DPAPI provider to read/write through sections or settings.

Hope this helps.

Thanks.

Ruchit S.

Answer 4

Try running your Exe in seperate Application Domain. Once your application is loaded in the new AppDomain, check if the Sections are encrypted or not. If not then Encrypt the section and trigger the AppDomain to unload and reload with your executable again.

Answer 5

For your reference the issue was that the process that was trying to encrypt the config section didn't have admin rights. I added this process to the administrators group and that solved it.