Using IisConfigCrypt in Medium Trust Environment

In a medium trust environment, the Altairis.Web.Configuration.Encryption.dll assembly must be installed in the Global Assembly Cache (GAC). This must be done by the server administrator, such as your web hosting provider. In addition, the request identity (the user account under which your ASP.NET application runs) must have write permission on your web.config file.

Installing assembly to GAC

This part must be performed by the server administrator. You can install the assembly to the GAC using GacUtil.exe (part of the Windows SDK, but not installed by default) by running the following command:

gacutil /i C:\path\to\Altairis.Web.Configuration.Encryption.dll


Or you can use InstallUtil.exe, which is part of the .NET Framework itself and can be found in its folder (i.e. C:\Windows\Microsoft.NET\Framework\version). Use the following command:

installutil C:\path\to\Altairis.Web.Configuration.Encryption.dll


In both cases the result is exactly the same: the assembly is installed to the GAC.

Registering HTTP handler in web.config file

Now you must register the HTTP handler in the web.config file.

For IIS 6.x and lower (or IIS 7.x in backward compatibility mode) you need to register your handler in the system.web section, such as:

<configuration>
    <system.web>
        <httpHandlers>
            <add path="some_path_to_handler.axd" verb="*" type="Altairis.Web.Configuration.Encryption.CryptoTaskHandler, Altairis.Web.Configuration.Encryption, Version=1.0.0.0, Culture=neutral, PublicKeyToken=988407701b286445"/>
        </httpHandlers>
    </system.web>
</configuration>

For IIS 7.0 and higher (in default integrated pipeline mode) you need to register your handler in the system.webServer section:

<configuration>
    <system.webServer>
        <handlers>
            <add name="AltairisCryptoTaskHandler" path="some_path_to_handler.axd" verb="*" type="Altairis.Web.Configuration.Encryption.CryptoTaskHandler, Altairis.Web.Configuration.Encryption, Version=1.0.0.0, Culture=neutral, PublicKeyToken=988407701b286445"/>
        </handlers>
    </system.webServer>
</configuration>

Using and disabling the handler

Then you point your browser to http://yourserver/some_path_to_handler.axd and use the web interface to encrypt the critical configuration sections.

After you are done, delete the handler mapping added in the previous steps. The handler is not intended to be installed permanently, and leaving it mapped poses a security risk.
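
The removal step can be verified by scanning for leftover mappings in both registration sections. The following PowerShell is an added example, not part of IisConfigCrypt or the original page; the function name Find-CryptoHandlerMapping and the temporary demo folder are assumptions for illustration, and the sample web.config is constructed from the registration shown above.

```powershell
# Added example (not part of IisConfigCrypt): list web.config files that
# still map CryptoTaskHandler after the encryption work is finished.
function Find-CryptoHandlerMapping {
    param([Parameter(Mandatory)][string]$Root)   # site root to scan (assumed)

    $handlerType = 'Altairis.Web.Configuration.Encryption.CryptoTaskHandler'
    # <add> under either registration section, at any depth, so mappings
    # nested inside <location> elements are found as well.
    $xpath = "//*[local-name()='httpHandlers' or local-name()='handlers']/*[local-name()='add']"

    Get-ChildItem -Path $Root -Filter 'web.config' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $xml = New-Object System.Xml.XmlDocument
            try { $xml.Load($file) }
            catch { Write-Warning "Cannot parse ${file}: $($_.Exception.Message)"; return }

            foreach ($node in $xml.SelectNodes($xpath)) {
                if ($node.GetAttribute('type') -like "$handlerType*") {
                    [pscustomobject]@{
                        File    = $file
                        Section = $node.ParentNode.Name   # httpHandlers or handlers
                        Path    = $node.GetAttribute('path')
                    }
                }
            }
        }
}

# Constructed sample: a throwaway site folder with a leftover mapping.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'iisconfigcrypt-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
<configuration>
  <system.webServer>
    <handlers>
      <add name="AltairisCryptoTaskHandler" path="some_path_to_handler.axd" verb="*"
           type="Altairis.Web.Configuration.Encryption.CryptoTaskHandler, Altairis.Web.Configuration.Encryption, Version=1.0.0.0, Culture=neutral, PublicKeyToken=988407701b286445"/>
    </handlers>
  </system.webServer>
</configuration>
'@ | Set-Content -Path (Join-Path $demo 'web.config')

Find-CryptoHandlerMapping -Root $demo | Format-Table -AutoSize
```

An empty result means no plain-text mapping of the handler was found under the scanned root.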

Last edited Sep 27, 2010 at 2:29 AM by altair, version 1
