Click here to Skip to main content
Rate this: bad
Please Sign up or sign in to vote.
I want to know if it is possible to decrypt "DataProtectionConfigurationProvider" which is responsible in encrypting the connectionString in the web.config file. I am not the one who developed the system that is why I need to know the decrypted value. I have been searching for solutions or workarounds in google. So far, I have tried this in the Visual Studio Command Prompt:
aspnet_regiis.exe -pef "connectionStrings" "my web.config file path"
Unfortunately, I am getting this error:
Failde to decrypt using provider 'DataProtectionConfigurationProvider'. Error messafe from the provider: Key not valid for use in specified state. (Exception from HRESULT: 0x8009000B)... and so on.
I am decrypting it in a different computer.
Please help!
Thanks CodeProject peeps!
Posted 4-Oct-12 2:31am
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

I recommend you to look at They have many videos that can help you out. I recently watched a video on how to encrypt and decrypt configuration data such as connection string, etc...
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

I believe it should be '-pd' instead of '-pef' for decrypting.
MSDN: How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI[^]
MSDN: How to: Decrypt a web.config File[^]

Refer: Encrypting Configuration Information in ASP.NET 2.0 Applications[^]

-- Generic form for decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf section physical_directory
-- or --
aspnet_regiis.exe -pd section -app virtual_directory

-- Concrete example of decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MySite"
-- or --
aspnet_regiis.exe -pd "connectionStrings" -app "/MySite"
ernieball_26 at 4-Oct-12 23:54pm
Oops! I have typed it incorrectly, yes it should be '-pd' or '-pdf'. I was reading a lot of articles regarding my problem. It seems that there is a key which is generated by DPAPI. Since the application is running on a server, I assume that the key is also in there. My point now is, how's the key called (Master key? ect.)? Where can I find the key? Can I copy it and have it on my local machine?
Sandeep Mewara at 5-Oct-12 1:08am
Does it mean your issue is resolved and now you have few followup questions?
Did you go through the above links?
As such, it looks a standard algorithm to encrypt and decrypt.
ernieball_26 at 5-Oct-12 1:21am
My problem isn't solved yet. Yes, I've gone on all the links you've suggested. I'm now getting the error message:
"The configuration for physical path: cannot be opened." What seems to be the cause of this? I'm pretty sure I supplied it with the correct path.
Sandeep Mewara at 5-Oct-12 1:29am
Proper access permissions in place?
Try opening the command window as Administrator and then try to apply the script.
ernieball_26 at 5-Oct-12 1:44am
uhh! Same error message, "Key not valid for use in a specified state". Would it be possible if I re-encrypt it again?
Sandeep Mewara at 5-Oct-12 1:59am
Try and see!
Sandeep Mewara at 5-Oct-12 2:00am
As mentioned here:
before you encrypt your web.config, add a machineKey section in you config file. that should solve the problem. here's a sample entry:

Rate this: bad
Please Sign up or sign in to vote.

Solution 3

Web.config File - ASP.NET[^] Useful article for you.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Zoltán Zörgő 220
1 Sergey Alexandrovich Kryukov 180
2 Peter Leow 160
3 BillWoodruff 85
4 bling 80
0 Sergey Alexandrovich Kryukov 9,543
1 OriginalGriff 6,901
2 Peter Leow 4,737
3 Zoltán Zörgő 4,404
4 CHill60 2,932

Advertise | Privacy | Mobile
Web01 | 2.8.150129.1 | Last Updated 15 May 2013
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100