Thursday, July 26, 2012

Encrypt web.cong files


Below are the steps to do this

1) Encrypt appsettings in web.config using Aspnet_regiis.exe
using Aspnet_regiis.exe you can encrypt whole section only not a particular key.so when you need to encrypt a particular key in appSettings things get complicated. Here is a roundabout way of doing this. Modify your web.config



2) Under AppSettings you can add any key value pairs.

Also secureAppSettings is the name i had given. You can give any. Save this web.config file and go to visual studio command prompt

3) Type

aspnet_regiis -pef secureAppSettings  “ur web.config path”  -prov DataProtectionConfigurationProvider


4) In code you can access it as usual

NameValueCollection secureAppSettings = (NameValueCollection)ConfigurationManager.GetSection("secureAppSettings")
String str= secureAppSettings["ipwd"];


For example to decrypt identity section
aspnet_regiis -pdf "system.web/identity" "C:\Inetpub\sampleapplication"