Tuesday, May 24, 2011

Encrypt appsettings in web.config


Below are the steps to do this

1)   Encrypt appsettings in web.config using Aspnet_regiis.exe
using Aspnet_regiis.exe you can encrypt whole section only not a particular key.so when you need to encrypt a particular key in appSettings things get complicated. Here is a roundabout way of doing this. Modify your web.config

2)   <configsections>
<section type="System.Configuration.NameValueSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="secureAppSettings" />

<appsettings>......</appsettings>

<secureappsettings>
<add key="ipwd" value="secure-password"/>
</secureappsettings>
</configsections>

3)   Under secureAppSettings you can add any key value pairs.

Also secureAppSettings is the name i had given. You can give any. Save this web.config file and go to visual studio command prompt

4)   Type

aspnet_regiis -pef secureAppSettings  “ur web.config path”  -prov DataProtectionConfigurationProvider


5)   In code you can access it as usual

NameValueCollection secureAppSettings = (NameValueCollection)ConfigurationManager.GetSection("secureAppSettings")
String str= secureAppSettings["ipwd"];