web.config encryption for different levels of folders RRS feed

  • Question

  • User2108892867 posted

    Hello everyone, I have this requirement and here is the structure of my folder



    So in each web.config, I have authorization rule for different roles:

    <allow roles="Managers" />
    <deny users="*"/>

    and for employee

    <allow roles="Employees" />
    <deny users="*"/>

    Now I want to encrypt both web.config files so it's hard for someone to modify the authorization section. My problem is when I encrypted it on development PC using this method


    and published it to the hosting server, the hosting server was not able to decrypt both the files. I understand that this is because both machines have different keys. Is there a way I can make it work on both machines? I read about storing RSA keys but not sure if it's worth it since it's quite a process. I tried to specify machine key in the web.config. But still doesn't work. 

    One more option for me is to encrypt the web.config files on my hosting server and remember to replace them in the hosting server after publishing my site. 

    Is there a better to handle this?

    Thanks for your input. 

    Tuesday, March 5, 2019 10:03 PM

All replies