Click here to Skip to main content
11,933,854 members (35,313 online)
Rate this:
Please Sign up or sign in to vote.
I want to know if it is possible to decrypt "DataProtectionConfigurationProvider" which is responsible in encrypting the connectionString in the web.config file. I am not the one who developed the system that is why I need to know the decrypted value. I have been searching for solutions or workarounds in google. So far, I have tried this in the Visual Studio Command Prompt:

aspnet_regiis.exe -pef "connectionStrings" "my web.config file path"

Unfortunately, I am getting this error:

Failde to decrypt using provider 'DataProtectionConfigurationProvider'. Error messafe from the provider: Key not valid for use in specified state. (Exception from HRESULT: 0x8009000B)... and so on.

I am decrypting it in a different computer.

Please help!

Thanks CodeProject peeps!
Posted 4-Oct-12 2:31am
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

I recommend you to look at They have many videos that can help you out. I recently watched a video on how to encrypt and decrypt configuration data such as connection string, etc...
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

I believe it should be '-pd' instead of '-pef' for decrypting.

MSDN: How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI[^]
MSDN: How to: Decrypt a web.config File[^]

Refer: Encrypting Configuration Information in ASP.NET 2.0 Applications[^]

-- Generic form for decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf section physical_directory
-- or --
aspnet_regiis.exe -pd section -app virtual_directory

-- Concrete example of decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MySite"
-- or --
aspnet_regiis.exe -pd "connectionStrings" -app "/MySite"
ernieball_26 4-Oct-12 23:54pm
Oops! I have typed it incorrectly, yes it should be '-pd' or '-pdf'. I was reading a lot of articles regarding my problem. It seems that there is a key which is generated by DPAPI. Since the application is running on a server, I assume that the key is also in there. My point now is, how's the key called (Master key? ect.)? Where can I find the key? Can I copy it and have it on my local machine?
Sandeep Mewara 5-Oct-12 1:08am
Does it mean your issue is resolved and now you have few followup questions?
Did you go through the above links?

As such, it looks a standard algorithm to encrypt and decrypt.
ernieball_26 5-Oct-12 1:21am
My problem isn't solved yet. Yes, I've gone on all the links you've suggested. I'm now getting the error message:

"The configuration for physical path: cannot be opened." What seems to be the cause of this? I'm pretty sure I supplied it with the correct path.
Sandeep Mewara 5-Oct-12 1:29am
Proper access permissions in place?

Try opening the command window as Administrator and then try to apply the script.
ernieball_26 5-Oct-12 1:44am
uhh! Same error message, "Key not valid for use in a specified state". Would it be possible if I re-encrypt it again?
Sandeep Mewara 5-Oct-12 1:59am
Try and see!
Sandeep Mewara 5-Oct-12 2:00am
As mentioned here:

before you encrypt your web.config, add a machineKey section in you config file. that should solve the problem. here's a sample entry:

Rate this: bad
Please Sign up or sign in to vote.

Solution 3

Web.config File - ASP.NET[^] Useful article for you.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web01 | 2.8.151126.1 | Last Updated 15 May 2013
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100