CodeKicks.com
Focus on Microsoft Technologies - Tutorials, Articles, Code Samples.

Wednesday, March 21, 2007

Encrypting Configuration Information - Encrypting web.config and app.config

Encrypting the web.config or app.config using the aspnet_regiis.exe Command-Line Tool

You can encrypt and decrypt sections in the Web.config file using the aspnet_regiis.exe command-line tool.

-- Generic form for encrypting the Web.config file for a particular website...
aspnet_regiis.exe -pef section physical_directory –prov provider
-- or --
aspnet_regiis.exe -pe section -app virtual_directory –prov provider


-- Concrete example of encrypting the Web.config file for a particular website...
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" –prov "DataProtectionConfigurationProvider"
-- or --
aspnet_regiis.exe -pe "connectionStrings" -app "/MySite" –prov "DataProtectionConfigurationProvider"


-- Generic form for decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf section physical_directory
-- or --
aspnet_regiis.exe -pd section -app virtual_directory


-- Concrete example of decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MySite"
-- or --
aspnet_regiis.exe -pd "connectionStrings" -app "/MySite"

There are some configuration sections that you cannot encrypt using this technique:

processModel
runtime
mscorlib
startup
system.runtime.remoting
configProtectedData
satelliteassemblies
cryptographySettings
cryptoNameMapping
cryptoClasses

Encryption Options
  • The Windows Data Protection API (DPAPI) Provider (DataProtectionConfigurationProvider) - this provider uses the built-in cryptography capabilities of Windows to encrypt and decrypt the configuration sections.
  • RSA Protected Configuration Provider (RSAProtectedConfigurationProvider) - uses RSA public key encryption to encrypt/decrypt the configuration sections.
Encrypting Configuration Settings in ASP.NET Version 1.x
Continue...

Post a Comment