How to disable fips in asp .net
  • Time: 2010-10-22 11:46:07
  • Tags: asp.net, fips

I want to disable FIPS in an ASP.NET x64 application. In web.config I added:

<runtime>
    <enforceFIPSPolicy enabled = "false">
</runtime>

I set debug to false.

However, my application does not work. Should I declare the runtime section in <configSections>? If yes, is this the proper line:

<section name="runtime" type="System.Configuration.IgnoreSection, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/>
Answers

Solution only works for IIS >= 7.5

It doesn't look like IIS allows you to manipulate this setting through a web application's web.config. One work-around is to create a dedicated App Pool (or multiple), and configure the App Pool's CLR with FIPS enforcement disabled. IIS 7.5 introduced a CLRConfigFile property that you can use to specify an App Pool's .NET configuration file. This gives us more granular control over which applications the configuration impacts - instead of the shotgun approach where we disable it in machine.config or the group policy setting.

1. Create a configuration file, c:\inetpub\AppPoolClrConfig\noFipsWeb.config, with the following content (the location and name of the file is immaterial):

<configuration>
    <runtime>
        <enforceFIPSPolicy enabled = "false" />
    </runtime> 
</configuration>

2. Grant read permissions on the file to the identity under which the App Pool runs:

icacls c:\inetpub\AppPoolClrConfig\noFipsWeb.config /grant "IIS APPPOOL\YourAppPoolName":(R)

3. Configure the App Pool to load this config file by setting the pool's CLRConfigFile property:

cmd:

%windir%\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/applicationPools /[name='{AppPoolName}'].CLRConfigFile:"{FilePath}" /commit:apphost

sample:

%windir%\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/applicationPools /[name='YourAppPoolName'].CLRConfigFile:"c:\inetpub\AppPoolClrConfig\noFipsWeb.config" /commit:apphost

Due to a bug in IIS 7.5, we need to also clear the managedRuntimeLoader property or else the CLRConfigFile will be ignored:

%windir%\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/applicationPools /[name='YourAppPoolName'].managedRuntimeLoader:"" /commit:apphost

4. Restart IIS. Your ASP.NET applications that are using the App Pool above should now be ignoring FIPS.

Credits to:

Scott Forsyth for explaining how to configure an app pool to use a different CLR file than the standard aspnet.config file.

Jose Reyes for documenting the bug in IIS 7.5 that ignored the CLRConfigFile Property
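
A read-only audit of the outcome of the steps above, as an added example that is not part of the original answer: it lists the app pools whose CLRConfigFile turns off FIPS enforcement and whether managedRuntimeLoader was cleared for them. The function name Get-FipsOptOutPool and the inline XML are constructed for illustration; on a server the inputs would be read from %windir%\System32\inetsrv\config\applicationHost.config and from the files it references.

```powershell
# Added example, not from the original answer. All XML below is constructed sample data.
function Get-FipsOptOutPool {
    param(
        [Parameter(Mandatory = $true)] [xml] $AppHostConfig,
        # CLRConfigFile path -> XML text of that file (read with Get-Content on a server).
        [Parameter(Mandatory = $true)] [hashtable] $ClrConfigText
    )
    $pools = $AppHostConfig.SelectNodes('//system.applicationHost/applicationPools/add')
    foreach ($pool in $pools) {
        $path = $pool.GetAttribute('CLRConfigFile')
        if (-not $path) { continue }   # pool keeps the default CLR configuration

        $fipsOff = $false
        if ($ClrConfigText.ContainsKey($path)) {
            $clr  = [xml] $ClrConfigText[$path]
            $node = $clr.SelectSingleNode('/configuration/runtime/enforceFIPSPolicy')
            $fipsOff = ($null -ne $node) -and ($node.GetAttribute('enabled') -eq 'false')
        }
        # Per the answer, IIS 7.5 ignores CLRConfigFile unless managedRuntimeLoader is cleared.
        $cleared = $pool.HasAttribute('managedRuntimeLoader') -and ($pool.GetAttribute('managedRuntimeLoader') -eq '')

        [pscustomobject]@{
            Pool          = $pool.GetAttribute('name')
            ClrConfigFile = $path
            LoaderCleared = $cleared
            FipsDisabled  = $fipsOff
        }
    }
}

$appHost = @'
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool" managedRuntimeVersion="v4.0" />
      <add name="YourAppPoolName" managedRuntimeVersion="v4.0" managedRuntimeLoader=""
           CLRConfigFile="c:\inetpub\AppPoolClrConfig\noFipsWeb.config" />
    </applicationPools>
  </system.applicationHost>
</configuration>
'@
$clrFiles = @{}
$clrFiles['c:\inetpub\AppPoolClrConfig\noFipsWeb.config'] = '<configuration><runtime><enforceFIPSPolicy enabled="false" /></runtime></configuration>'

Get-FipsOptOutPool -AppHostConfig $appHost -ClrConfigText $clrFiles | Format-Table -AutoSize
```

A pool that appears here with FipsDisabled set to True is running outside the machine-wide FIPS policy, so each such row should map to an application that was knowingly exempted.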




