Encrypt the connectionStrings in a machine.config file

In most environments, the Vendor Online Application and Vendor Online Price Survey application module environments are configured to use web.config files on the server; however, some state environments (like Missouri, for example) are configured to use a machine.config file instead to configure the Vendor Online Application and Vendor Online Price Survey application module environments on the server.

If your state environment is configured to use web.config files to configure the Vendor Online Application and Vendor Online Price Survey application module environments on the server, please refer to the Encrypt the connectionStrings in web.config files tutorial instead.

If your state environment is configured to use a machine.config file to configure the Vendor Online Application and Vendor Online Price Survey application module environments on the server, please proceed with the steps below to encrypt the machine.config file on the server.


NOTE: The steps provided in this documentation are not intended for environments that use large, complex load-balanced or clustered IIS web farms. If your state’s environment uses a large load-balanced or clustered IIS web farm, a shared or custom RSA key (or possibly even a custom provider) may be necessary to successfully encrypt the configuration files in your environment. Please see guidance on ASPNET_REGIIS switch options from Microsoft (or another preferred knowledge base) for more information about these advanced scenarios.

Complete the following steps to encrypt the connectionStrings in a machine.config file:

1. Log in or remotely connect as an administrator to the server where the Vendor Online Application and Vendor Online Price Survey application modules are deployed in your state's environment.

2. Run the Command Prompt as an administrator. The Administrator: Windows Command Processor screen displays.

Administrator: Windows Command Processor screen


NOTE: If the Windows Command Processor screen does not show "Administrator:" in the title bar text, then the Command Prompt is not running in administrator mode. The Command Prompt must be run as an administrator to successfully complete the steps in this tutorial.

3. Change the directory to the {drive letter}:\Windows\Microsoft.NET\Framework\{version}\ folder for the .NET Framework Version that is currently running on the server in your state's environment.


NOTE: In the path listed above, {drive letter} and {version} are variables that are unique to your state's environment.

Internet Information Services (IIS) Application Pools can be used to verify which .NET Framework Version is currently running on the server in your environment. Launch IIS Application Pools, select your state agency, and view Advanced Settings.

In most environments, Vendor Online Application and Vendor Online Price Survey run on 32-bit .NET Framework Version v2.0; however, your state's environment may differ.

For example, the image below depicts a Chickasaw environment that is running 64-bit .NET Framework Version v2.0.

IIS Application Pools - Advanced Settings screen

In the example above, the folder for the 64-bit .NET Framework Version v2.0 is {drive letter}:\Windows\Microsoft.NET\Framework64\{version}\.


NOTE: In the path listed above, {drive letter} and {version} are variables that are unique to your state's environment.

However, the exact version number of the 64-bit .NET Framework Version v2.0 may differ in your state's environment. To determine the exact version number of the 64-bit .NET Framework Version v2.0 referenced in this example, enter the following command at the Command Prompt and press the Enter key on your keyboard:

cd c:\Windows\Microsoft.NET\Framework64\

The Command Prompt places focus within the c:\Windows\Microsoft.NET\Framework64\ folder.

Administrator: Windows Command Processor screen (c:\Windows\Microsoft.NET\Framework64\ folder)

Enter the following command at the Command Prompt and press the Enter key on your keyboard to see the directory list within the folder:

dir

The Command Prompt lists all files and folders within the current folder.

Administrator: Windows Command Processor screen (dir of c:\Windows\Microsoft.NET\Framework64\ folder)

In the depiction above, the folder for the .NET Framework Version v2.0 is c:\Windows\Microsoft.NET\Framework64\v2.0.50727\.

To place focus in the Windows\Microsoft.NET\Framework64\v2.0.50727\ folder, enter the following command at the Command Prompt and press the Enter key on your keyboard:

cd v2.0.50727

The Command Prompt places focus within the c:\Windows\Microsoft.NET\Framework64\v2.0.50727\ folder.

Administrator: Windows Command Processor screen (dir of c:\Windows\Microsoft.NET\Framework64\v2.0.50727 folder)

4. Once you know the folder location of the .NET Framework Version that is currently running on the server in your environment, back up the current machine.config file on the server.

Typically, the machine.config file is stored in the same folder of the .NET Framework Version that is currently running on the server in your environment, but the path may differ in your state's environment.

OR


NOTE: In the paths listed above, {drive letter} and {version} are variables that are unique to your state's environment.

5. Once the machine.config file is backed up and the Command Prompt has focus placed within the .NET Framework Version that is currently running on the server, enter the following command and press the Enter key on your keyboard:

aspnet_regiis -pe "connectionStrings" -pkm


NOTE: In the command above, the "connectionStrings" reference is case-sensitive and must be entered exactly as presented above. You can copy the command above and paste it by right-clicking on the Command Prompt window and selecting the Paste menu option from the menu that displays. Then, use the arrow keys on the keyboard to navigate to and change the {drive letter} and {agency} variables to match your state's environment.

If the command runs successfully, the connectionStrings section in the machine.config file for the Vendor Online Application and the Vendor Online Price Survey is now encrypted.

Administrator: Windows Command Processor screen (successful encryption of the connectionStrings in the machine.config file for VOA and VOPS)

6. To confirm that the connectionStrings in the machine.config file were encrypted, open the machine.config file and locate the <connectionStrings> section. If the information displayed in the <connectionStrings> section is no longer in plain text, the encryption was a success.

Encrypted <connectionStrings> in a machine.config file

7. Enter the following command at the Command Prompt and press the Enter key on your keyboard to reset Internet Information Services (IIS):

iisreset

IIS resets and the Command Prompt updates to show that IIS services were stopped and restarted.

Administrator: Windows Command Processor screen (iisreset)

If you need to decrypt the connectionStrings in the machine.config file at a later date, complete the steps in the Decrypt the connectionStrings in a machine.config file tutorial.
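
Steps 2 through 7 above, collected into one PowerShell script as an added example (it is not part of the original tutorial or of the application's own tooling). The default framework folder is the 64-bit v2.0 example from this page; the CONFIG\machine.config location and the helper name Test-ConnectionStringsEncrypted are assumptions, so adjust both paths for your server.

```powershell
param(
    # Assumption: the 64-bit v2.0 folder used as the example on this page.
    [string]$FrameworkDir = "$env:windir\Microsoft.NET\Framework64\v2.0.50727",
    # Assumption: machine.config sits in the CONFIG subfolder unless a path is given.
    [string]$MachineConfig = ''
)
$ErrorActionPreference = 'Stop'
if (-not $MachineConfig) { $MachineConfig = Join-Path $FrameworkDir 'CONFIG\machine.config' }

# Step 2: refuse to run unless the session is elevated.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) session.'
}

function Test-ConnectionStringsEncrypted([string]$Path) {
    # An encrypted section carries a configProtectionProvider attribute and an
    # EncryptedData child instead of readable <add connectionString="..."/> entries.
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    $section = $xml.SelectSingleNode('/configuration/connectionStrings')
    if ($null -eq $section) { throw "No <connectionStrings> section in $Path" }
    $hasProvider  = [bool]$section.GetAttribute('configProtectionProvider')
    $hasCipher    = $null -ne $section.SelectSingleNode("*[local-name()='EncryptedData']")
    $hasPlaintext = $null -ne $section.SelectSingleNode('add[@connectionString]')
    return ($hasProvider -and $hasCipher -and -not $hasPlaintext)
}

if (Test-ConnectionStringsEncrypted $MachineConfig) {
    Write-Host 'connectionStrings is already encrypted; nothing to do.'; return
}

# Step 4: back up first. The backup still holds the plain-text connection strings,
# so keep it readable by administrators only and delete it once the result is verified.
$backup = "$MachineConfig.$(Get-Date -Format yyyyMMdd-HHmmss).bak"
Copy-Item -LiteralPath $MachineConfig -Destination $backup

# Step 5: -pe encrypts the named section; -pkm targets machine.config.
& (Join-Path $FrameworkDir 'aspnet_regiis.exe') -pe 'connectionStrings' -pkm
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis failed with exit code $LASTEXITCODE" }

# Step 6: confirm by parsing the file rather than inspecting it by eye.
if (-not (Test-ConnectionStringsEncrypted $MachineConfig)) {
    throw "Section is still readable; restore $backup and investigate."
}

# Step 7: restart IIS so the application pools reload the configuration.
iisreset
Write-Host "Encrypted. Backup containing plain-text secrets: $backup"
```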
