Microsoft.Web.Administration.ServerManager can't read config sections containing encrypted passwords in applicationHost.config
Posted
by
Dylan Beattie
on Stack Overflow
See other posts from Stack Overflow
or by Dylan Beattie
Published on 2009-07-08T15:16:06Z
Indexed on
2012/11/13
11:02 UTC
Read the original article
Hit count: 567
I have some sites in IIS7 that are configured to run as domain users (MYDOMAIN\someuser).
I'm using the Microsoft.Web.Administration namespace to scan my server configuration, but it's throwing an exception when I hit one of these "impersonator" sites:
using (ServerManager sm = new ServerManager()) {
foreach (Site site in sm.Sites) {
foreach (Application app in site.Applications.Reverse()) {
foreach (VirtualDirectory vdir in app.VirtualDirectories.Reverse()) {
var config = app.GetWebConfiguration();
foreach (var locationPath in config.GetLocationPaths()) {
// error occurs in GetLocationPaths()
}
}
}
}
}
The actual error message is:
COMException was unhandled
Filename: \\?\C:\Windows\system32\inetsrv\config\applicationHost.config
Line number: 279
Error: Failed to decrypt attribute 'password' because the keyset does not exist
It appears that IIS is storing the MYDOMAIN\someuser password encrypted in applicationHost.config, which is great in terms of security - but I have no idea how to get the ServerManager to decrypt this.
Any tips on how I can either allow ServerManager to decrypt this, or just tell IIS to store the passwords in plain text?
This is on IIS7 under Windows 7 RC, by the way.
© Stack Overflow or respective owner