In my ongoing love (but mostly) hate relationship with ASP.NET Web ‘Site’s’ I’ve been using Web Deployment projects to make things more bearable.
I currently swap in connection strings from 3 files – one for each build configuration (debug, test, release – connectionstrings.debug.config etc ). This works fine as per the doco on WDP. I use CruiseControl.NET and NAnt to automate builds, and a few nagging ‘automated’ pieces were missing from the puzzle.
- Encryption of connectionStrings (or other web.config sections that you want to protect) – without affecting the ‘source’ file. I’ve assumed here that ‘internal’ people are trusted.
- Changing of other config stuff (like debug=false) in the test and release builds. (My attempts to get this to work had previously failed as you don’t seem to be able to specify system.web as a replaceable section.
- Encrypting Forms authentication passwords, using MD5 hash. This isn’t difficult, I just didn’t have a tool to generate the hash value.
Encryption of config sections
OK – after re-reading Scott Gu’s post on Web Deployment Projects, and K. Scott Allen’s post on how to simply encrypt sections of config files, I realised that I could just add a post-build event (manually) in the wdproj file (right-click in solution explorer –> open project file).
The build events are already in but commented at the bottom of the file. I ended up with
<Target Name=”AfterBuild”>
<Exec WorkingDirectory=”$(OutputPath)”
Command=”C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef connectionStrings .” />
<!– Also remove our ‘source’ config files using the del command rather than the delete task as you
have to jump through hoops to specify wildcards –>
<Exec WorkingDirectory=”$(OutputPath)” Command=”del compilation*.config” />
<Exec WorkingDirectory=”$(OutputPath)” Command=”del connectionstrings*.config” />
</Target>
If I put this anywhere other than ‘AfterBuild’ it didn’t seem to do anything. I certainly learnt a bit more about aspnet_regiis, as I’d only used it previously to ‘install’ ASP.NET. I also had to specify the path to aspnet_regiis, but you could obviously use a property for this (I’m new to MSBuild – only dipping in when I have to, so the framework path may already be a standard property?).
Replacement of system.web sections
The key thing here (which I don’t believe was documented very well anywhere) is how to replace system.web elements. Other typical replacements – e.g. appSettings or connectionStrings are children of the root config element. You’d therefore assume that you need to replace the whole of system.web (which is a little inconvenient – but still worth it). This doesn’t work and you’ll get a ‘nice’ WDP00002 error saying it can’t find the system.web element (a bit like saying ‘can’t find printer’ when it’s right next to the computer!).
You just have to go one level down as follows (in the Deployment –> Web.config file section replacements property page):
system.web/compilation=compilation.release.config
compilation.release.config may be as simple as…
<compilation debug=”false”></compilation>
You might have a warning saying ‘compilation’ isn’t a valid element, but this is just the intellisense barking as it validates against the config schema.
Encrypting Forms Authentication Passwords
This is pretty simple and there’s lots of docs to support this, but I wanted a simple tool to generate the hash for a given string, and a quick google yielded a nice little command-line tool…
This way you can plug it into your build if you need to, but also replace for different environments using the techniques above.