How to get the decrypted connection string from the Web.config file to establish a connection between IIS and MSSQL servers using pattern-based discovery?

Ihor Halytskyi

There is an application that should be discovered by Service Mapping; it consists of an F5 BIG-IP load balancer, three Microsoft IIS servers, and a Microsoft SQL Server. The ADO.NET data provider is used to establish a connection between IIS and MSSQL.

The problem I faced during discovery concerns the encrypted configuration. The IIS Virtual Directory pattern is used to discover the connection. I tried to discover it using the OOB pattern with the "ADO .NET connectivity" section. I got an encrypted connection string at the "fetch encrypted connection strings section" step. Then I tried to use the "decrypt configs" step, but I got empty results.

I tried to use the native Aspnet_regiis.exe tool, which is installed by default with .NET for IIS, but I got the message "Decrypting configuration section... The configuration for the physical path cannot be opened Failed!". I think it could be caused by a lack of permissions.

How can I get the decrypted connection string from the Web.config file to establish a DB connection? What are the prerequisites for using the OOB pattern "IIS Virtual Discovery" to discover the encrypted connection?

Thanks.

7 REPLIES

Ihor Halytskyi

UPD [Resolved]:

I resolved it by using the aspnet_regiis.exe tool to decrypt the connection string within a pattern extension.

I created an extension within the "IIS Virtual Directory" pattern. The extension contains some pretty simple steps.

1. Create a temporary directory on the server.

2. Copy the Web.config file out of the application directory to the temporary directory.

3. Decrypt connection string. Use Parse Command Output. Command: "cd " + $aspnet_regiis_path + " & aspnet_regiis.exe -pdf connectionStrings $temp_dir"

4. Fetch decrypted connection string using parsing option.

5. Create a connection.

6. Remove a temporary directory.
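The six steps above, run by hand on the IIS host, as an added example that is not part of the original post or of the ServiceNow pattern. The application path, the .NET Framework directory and the temporary directory name are assumptions; the account running it needs read access to the key used by the configuration protection provider. It assumes plain SQL Server connection strings and prints only the server and database, never the password, and the temporary copy is locked down and removed even on failure.

```powershell
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.Data

# Assumed locations; adjust for the host being checked.
$appDir    = 'C:\inetpub\wwwroot\MyApp'
$regiisDir = Join-Path $env:windir 'Microsoft.NET\Framework64\v4.0.30319'
$tempDir   = Join-Path $env:TEMP ('sm_webcfg_' + [guid]::NewGuid().ToString('N'))

try {
    # Step 1: temporary directory, ACL restricted to the current account,
    # because it will briefly hold the decrypted credentials.
    New-Item -ItemType Directory -Path $tempDir | Out-Null
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $tempDir /inheritance:r /grant:r "${me}:(OI)(CI)F" | Out-Null

    # Step 2: work on a copy so the application's Web.config stays encrypted.
    Copy-Item -Path (Join-Path $appDir 'Web.config') -Destination $tempDir

    # Step 3: decrypt the connectionStrings section of the copy in place.
    & (Join-Path $regiisDir 'aspnet_regiis.exe') -pdf 'connectionStrings' $tempDir | Out-Null

    # Step 4: parse the copy; fail if the section is still protected.
    [xml]$cfg = Get-Content -Path (Join-Path $tempDir 'Web.config') -Raw
    $section = $cfg.configuration.connectionStrings
    if ($section.configProtectionProvider) {
        throw 'connectionStrings is still encrypted; check access to the provider key.'
    }

    # Step 5 input: emit only what is needed to map IIS to the database.
    foreach ($entry in $section.add) {
        $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder $entry.connectionString
        [pscustomobject]@{
            Name     = $entry.name
            Server   = $b.DataSource
            Database = $b.InitialCatalog
        }
    }
}
finally {
    # Step 6: remove the decrypted copy whether or not the steps succeeded.
    if (Test-Path $tempDir) { Remove-Item -Path $tempDir -Recurse -Force }
}
```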

 

Hello Ihor,

I am running into this same issue where the connection string is encrypted. When you say that you copied the web config file...can you describe that step more? What function from SM did you use? Was it the entire contents of the file or just the encrypted string?

Thank you.

Did you ever get this working? I'm currently running into the same issue.

I've not done this, but my assumption would be that Ihor used a step of type 'Parse Command Output' to create the directory and then another one to copy the file into the directory before parsing it.

 

Hope this helps,

Richard