Click here to Skip to main content
11,796,393 members (71,577 online)
Rate this: bad
Please Sign up or sign in to vote.
I want to know if it is possible to decrypt "DataProtectionConfigurationProvider" which is responsible in encrypting the connectionString in the web.config file. I am not the one who developed the system that is why I need to know the decrypted value. I have been searching for solutions or workarounds in google. So far, I have tried this in the Visual Studio Command Prompt:

aspnet_regiis.exe -pef "connectionStrings" "my web.config file path"

Unfortunately, I am getting this error:

Failde to decrypt using provider 'DataProtectionConfigurationProvider'. Error messafe from the provider: Key not valid for use in specified state. (Exception from HRESULT: 0x8009000B)... and so on.

I am decrypting it in a different computer.

Please help!

Thanks CodeProject peeps!
Posted 4-Oct-12 1:31am
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

I recommend you to look at They have many videos that can help you out. I recently watched a video on how to encrypt and decrypt configuration data such as connection string, etc...
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

I believe it should be '-pd' instead of '-pef' for decrypting.

MSDN: How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI[^]
MSDN: How to: Decrypt a web.config File[^]

Refer: Encrypting Configuration Information in ASP.NET 2.0 Applications[^]

-- Generic form for decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf section physical_directory
-- or --
aspnet_regiis.exe -pd section -app virtual_directory

-- Concrete example of decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MySite"
-- or --
aspnet_regiis.exe -pd "connectionStrings" -app "/MySite"
ernieball_26 at 4-Oct-12 23:54pm
Oops! I have typed it incorrectly, yes it should be '-pd' or '-pdf'. I was reading a lot of articles regarding my problem. It seems that there is a key which is generated by DPAPI. Since the application is running on a server, I assume that the key is also in there. My point now is, how's the key called (Master key? ect.)? Where can I find the key? Can I copy it and have it on my local machine?
Sandeep Mewara at 5-Oct-12 1:08am
Does it mean your issue is resolved and now you have few followup questions?
Did you go through the above links?

As such, it looks a standard algorithm to encrypt and decrypt.
ernieball_26 at 5-Oct-12 1:21am
My problem isn't solved yet. Yes, I've gone on all the links you've suggested. I'm now getting the error message:

"The configuration for physical path: cannot be opened." What seems to be the cause of this? I'm pretty sure I supplied it with the correct path.
Sandeep Mewara at 5-Oct-12 1:29am
Proper access permissions in place?

Try opening the command window as Administrator and then try to apply the script.
ernieball_26 at 5-Oct-12 1:44am
uhh! Same error message, "Key not valid for use in a specified state". Would it be possible if I re-encrypt it again?
Sandeep Mewara at 5-Oct-12 1:59am
Try and see!
Sandeep Mewara at 5-Oct-12 2:00am
As mentioned here:

before you encrypt your web.config, add a machineKey section in you config file. that should solve the problem. here's a sample entry:

Rate this: bad
Please Sign up or sign in to vote.

Solution 3

Web.config File - ASP.NET[^] Useful article for you.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Maciej Los 570
1 Abhinav S 392
2 OriginalGriff 340
3 CPallini 269
4 KrunalRohit 249
0 OriginalGriff 2,012
1 Maciej Los 1,615
2 KrunalRohit 1,310
3 CPallini 1,015
4 Richard MacCutchan 828

Advertise | Privacy | Mobile
Web02 | 2.8.151002.1 | Last Updated 15 May 2013
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100