Using IisConfigCrypt in Full Trust Environment

In full trust environment you only need file-level access to your web site. Also the request identity (user under which is your ASP.NET application running) must have rights to write to your web.config file.

Installing the handler

You need just copy the assembly (Altairis.Web.Configuration.Encryption.dll) to the bin folder of your application. Then you must register the HTTP handler in the web.config file.

For IIS 6.x and lower (or IIS 7.x in backward compatibility mode) you need to register your handler in the system.web section, such as:

<configuration>
    <system.web>
        <httpHandlers>
            <add path="some_path_to_handler.axd" verb="*" type="Altairis.Web.Configuration.Encryption.CryptoTaskHandler, Altairis.Web.Configuration.Encryption"/>
        </httpHandlers>
    </system.web>
</configuration>

For IIS 7.0 and higher (in default integrated pipeline mode) you need to register your handler in the system.webServer section:

<configuration>
    <system.webServer>
        <handlers>
            <add name="AltairisCryptoTaskHandler" path="some_path_to_handler.axd" verb="*" type="Altairis.Web.Configuration.Encryption.CryptoTaskHandler, Altairis.Web.Configuration.Encryption"/>
        </handlers>
    </system.webServer>
</configuration>

Using and disabling the handler

Then you point your browser to http://yourserver/some_path_to_handler.axd and use the web interface to encrypt the critical configuration sections.

After you are done, delete the handler mapping added in previous steps. The handler is not intended to be installed permanently and its persistent mapping does pose security risk.

Last edited Sep 27, 2010 at 1:28 AM by altair, version 1

Comments

No comments yet.