What is the simplest and best way to Encrypt or Decrypt the configuration section in web.config file for VS 2010. Is there any difference between approaches used in vs2005 and vs2010 ?
The approach has not changed in a long time - use the aspnet_regiis.exe command line tool with the encryption parameters.
Related
What methods exist to include parameters (such as userid) into the setup.exe that users download from a server?
I'm looking for a way to give a customized installer to users that I already know (because they are logged in).
Is your question tied with some technology/installation system? Or you are researching which installation system to use to achieve this functionality?
In NSIS there is option to append custom data to installer, see this article: http://nsis.sourceforge.net/ReadCustomerData.
Maybe the easiest would be to send a setup_whateverparameter.exe filename instead of setup.exe...
A smarter approach would probably be to store parameter into a ressource file which would be edited from command line with some tool like http://www.reseditor.com/
Another one would be to generate a sort of INI file which would be packed with the original setup file using some installer software like Inno Setup (http://www.jrsoftware.org/isinfo.php) and the original installer would be configured to check if some ini file exists in a temporary location, to just use its content to do specific tasks.
Other possibilities might exists, thoses are just the one which might be the most easy to implement.
#elfrancesco hinted at Ninite and Patrick from Ninite got back to me with:
We put the installer id in a segment of the .exe that doesn't get
included in the hash for the signature. So we just sign our loader
.exe once whenever we update it and then our web server drops in the
key for each download.
I'm a huge fan of the addition of web.config transformations in Visual Studio 2010. See also Scott Hanselman's recent talk at MIX2011.
What sucks is that this functionality (appears at least) to only be available to web projects.
In our solution we have several Windows Services that connect to a different database dependant on the environment they are deployed under.
Has anyone come up with a nice, tidy way of achieving similar 'app.config transformation' functionality?
Note: We are using TFS 2010 to build our solutions in a Continuous Integration manner.
I realize you already have an answer, but I stumbled across SlowCheetah this morning which is the best implementation I've seen to date. There is also a blog post on getting this running from a CI server.
You can use the XML transformation functionality with any XML file - we do this all the time. It's available via an MSBuild task.
Try adding the following to your build script:
<UsingTask TaskName="TransformXml"
AssemblyFile="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.Tasks.dll"/>
<TransformXml Source="Path\To\Your\Xml.config"
Transform="Path\To\Your\Xml.$(Configuration).config"
Destination="Path\To\Your\Output.config" />
I wrote nice extension to automate app.config transformation like the one built in Web Application Project
Configuration Transform
Using Luke Bennett's answer to set me off on the right track. I found this to be the answer for us.
FTA (see link for code snippets):
Add a new property ProjectConfigFileName that points to your App.Config file
Add a version of App.Config for each configuration, i.e., App.Debug.config To have them nested under App.Config, edit your csproj file,
Import Microsoft.Web.Publishing.targets into your csproj file right after the Microsoft.CSharp.targets import.
Call the TransformXml task in your AfterBuild target. Note, the BeforeBuild and AfterBuild targets are commented out by default.
If you have multiple client assemblies and don't want to duplicate the same configuration data, I created Profigurator. It'll take a JSON file as input and apply the settings to an app.config or web.config.
It's a little rough as I write this, but I am currently using it on a production system for deploys and it works great.
I'm currently implementing a vsix extension tool window which will soon need a database connection string for querying some data to display to the developer in the tool window. I'd like to make this connection string configurable by the developer. As the developer is unlikely to change the config settings often a file would be sufficient.
Is it possible to just use an app.config file in the same folder as the sln file and if so must I use some custom configuration settings to wrap the file? NuGet seems to implement this approach but I don't fully understand the internal architecture to see how the config file is used.
I'd appreciate any alternative approaches too.
Edit:
I have since realised that the dynamic data the config store would serve must be solution specific so that a tool window used in one solution can use different properties to that of another solution. I guess one possibility would be to use the .settings file to store the location of a single config file that itself stores information related to different solutions.
The best place to store settings for a .vsix extension is to use a .settings file. In order to create one do the following
Right Click on the project and select "Properties"
Go to the Settings Tab
Click on the link to create a default settings file
This will create a couple of files in your solution.
Settings.settings
Settings.Designer.cs
Additionally it will bring up a designer from which new settings can be added. These can be accessed afterwards by using the Settings.Default static property
Been there and in my opinion the built-in mechanism works best, detailed walkthrough: http://msdn.microsoft.com/en-us/library/ff460144.aspx
Adding a note from self I can see that the underlying implementation uses system registry subkey. However after VSIX extension uninstalled all the keys are removed automatically so your extension is not polluting the system leaving orphaned entries.
We're creating an application that understands some command-line parameters. There are some default's we would like to supply on the command-line when debugging, and these are easily set in the project settings as explained here.
The thing is visual studio stores these settings in a *.csproj.user file, and the default settings for integrated source control do not check-in *.user files. We would like to just have these default command-line parameters in everyone's IDE when debugging this project.
Often (but not always) when visual studio guides you into doing things a certain way it is for good reason. We probably don't want to just check-in someone's .csproj.user file... right?
This question is has a few parts:
Why does Visual Studio store this
particular setting per user?
Is there a way to alter this behavior? - Would doing so bring bad juju?
Under these circumstances is it OK to check-in and share a .user file?
Is there a better way to accomplish what we are
trying to do here?
Thank you -
Maybe you could alter the program to optionally read its parameters from a configuration file as well as from the command-line (and then check-in a copy of that configuration file).
I would not recommend checking in the user file because, as you said, this is per user. If someone checks out your "default" user file and then makes any personalized configuration changes, those will be reflected back in the user file and (most likely) will be reflected in the source control.
If you want someone to set command-line parameters for debugging, I would adjust the project file to include these - don't include them in the user file. (It is okay to check in the .proj file, and I typically do for my team projects.)
In the visual studio project settings you can choose a strong name key file for signing the assembly. When creating a new one you can choose to protect it with a password. When should you do this? And when should you not?
I am thinking that it could for example be not so smart to protect it with a password if the project is an open source project hosted on Codeplex or similar. Or should it still be protected? Will people be unable to download the source and compile it if the key file is protected? Or, how does this work exactly?
In general, you should protect it with a password if you don't trust the people with access to it. Anyone with access to the key file can create an assembly with your strong name (unlike authenticode, they're not impersonating you, but they can get their assemblies to load instead of yours)
As for the open source scenario you described, people can always compile the code - they simply create a new key file, but the assemblies they create will not be loaded by assemblies that try to load your assemblies.