E-Commerce User Guide : E-Commerce security : Secure web service
 
Secure web service
 
The web service uses built-in encryption and a passphrase. The passphrase is encrypted within the web.config file and is specified using a site config setting EncryptSvcComm. In addition, you can use SSL, VPN or a secured network for an additional layer of security.
 
To set and configure the passphrase for the web service:
1. Locate and define the following key within the web.config: <PassPhrase SitePassPhrase="S1r1uzW@r3" />
 
Note: The value for this setting may be different in your web.config file.
 
2. If the value you used for PassPhrase is different, you must replace the SitePassPhrase in this setting <PassPhrase SitePassPhrase="S1r1uzW@r3" /> with your PassPhrase before proceeding.
3. Save the changes to the siteconfig.config file and exit the text editor.
4. From a command prompt, navigate to: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319.
5. Run the following commands:
 
aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"
aspnet_regiis -pa "NetFrameworkConfigurationKey" "Network Service"
aspnet_regiis -pe PassPhrase -app sitelocation
 
Note: If you get an, "RSA Key Container was not found," error when running the first command above, try issuing the command:
 
aspnet_regiis -pc "NetFrameworkConfigurationKey" –exp
 
Then, rerun all three commands. If you get any other error, stop and contact Siriusware Technical Support.
 
Note: The sitelocation is relative to the root web site. So if your E-Commerce pages are installed in C:\Inetpub\wwwroot\E-Commerce, you would use /E-Commerce for sitelocation.
 
View your web.config file to verify that the new section after </appSettings> is in fact encrypted. It looks something like the following:
 
<PassPhrase configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>G5cbEK/EJPafzpfVhS/HlBreZMKIvgrR5Z0opTHvSLYRng1sxkRDjEyj7J1Rqd3cmpezxQLCu3NeFLiueYd4n3jGeH0RFg3wJFcG/t0fnPG2LsFXhREdPMX88L5Pc4NN86a2xLYfZIxkE6exE2I5tJlemdv+EyK5WsMHCpt6EL4=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>LiBJG/qV8md4KsxxI/JP23/rfs7m0VveTjeibucny6P0gXbrnviT6HTe0O7kv+990st77HXJ22w=</CipherValue>
</CipherData>
</EncryptedData>
</PassPhrase>
 
Note: The <CipherValue> here won’t be the same as your <CipherValue>.