Provider not found when encrypting web.config

Question

I'm trying to encrypt a custom section in a web.config file.
When I get to the line that calls ProtectSection(), I get an exception saying the provider isn't found.

Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);  
ConfigurationSection section = config.GetSection("MySection");  
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider"); 

I tried it with RSA as well and got the same error.
Running aspnet_regiis.exe works, but I need to do this programatically. What am I missing?

Thank you.

Answer 1

You are right to use `DataProtectionConfigurationProvider' (see here for the provider names - the provider name for dpapi doesn't have dpapi in it - but the provider for rsa does), however, your problem is that you can't run iisreg on a section named "MySection" - it has to be certain sections.

What the message means is that there is no provider available for use with that particular section.

To test your code, however, you might try it with "AppSettings" or "connectionStrings" or "system.net/mailSettings/smtp". - all of which work with aspnet_regiis.exe.

See this other Stack Exchange thread about how to encrypt custom sections.

Answer 2

If you are trying to us Windows Data Protection Provider shouldnt the parameter passed to ProtectSetion say "DpapiProtectedConfigurationProvider".

For RSA it should be "RsaProtectedConfigurationProvider" which is default and preffered option