User2108892867 posted
Hello everyone, I have this requirement and here is the structure of my folder
~/user/manager/web.config
~/user/employee/web.config
So in each web.config, I have authorization rule for different roles:
<authorization>
<allow roles="Managers" />
<deny users="*"/>
</authorization>
and for employee
<authorization>
<allow roles="Employees" />
<deny users="*"/>
</authorization>
Now I want to encrypt both web.config files so it's hard for someone to modify the authorization section. My problem is when I encrypted it on development PC using this method
config.GetSection("system.web/authorization").ProtectSection();
and published it to the hosting server, the hosting server was not able to decrypt both the files. I understand that this is because both machines have different keys. Is there a way I can make it work on both machines? I read about storing RSA keys but
not sure if it's worth it since it's quite a process. I tried to specify machine key in the web.config. But still doesn't work.
One more option for me is to encrypt the web.config files on my hosting server and remember to replace them in the hosting server after publishing my site.
Is there a better to handle this?
Thanks for your input.
