none
Web.config cypher RRS feed

  • Question

  • Hi,

    I'm using aspnet_regiis to cipher web.config sections.

    To avoid changes in code, I'm ciphering all the appSetting section. Is there a significant performance  impact on this? I mean, Is a decipher being made on every appSettings access or the appSettings deciphered values are kept in cache, resulting in only the first access being deciphered? 

    I know I could put the sensitive settings on a custom section and use aspnet_regiis to cipher only that custom section, but then I would have to change every place in code the .AppSettings["xyz"] to .MyCustomSettings["xyz"] and really need to avoid that.

    Thanks,

    DD

    Wednesday, November 2, 2016 5:28 PM

Answers

  • Hi DD,

    Thanks for more detailed information.

    >> Is a decipher being made on every appSettings access or the appSettings deciphered values are kept in cache, resulting in only the first access being deciphered?

    In my option, the appSettings deciphered values are calculated once and then cached across subsequent request like normally configuration settings.

    These settings are calculated once and then cached across subsequent requests. ASP.NET automatically watches for file changes and re-computes the cache when any of the configuration files change within that file's hierarchy. When the server receives a request for a particular URL, ASP.NET uses the hierarchy of configuration settings in the cache to find the requested resource.

    You could refer the link below for more information.

    # Calculating Configuration Settings at Run Time

    https://msdn.microsoft.com/en-us/library/ms178685.aspx

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by junidev Wednesday, November 9, 2016 5:05 PM
    Friday, November 4, 2016 7:05 AM

All replies

  • Hi DD,

    >> I'm using aspnet_regiis to cipher web.config sections.

    Could you share us more information about what you want to do? Based on my understanding, aspnet_regiis is used to register ASP.NET applications with IIS, it would not change web.config sections. You could refer the link below for tasks what aspnet_regiis can perform.

    # ASP.NET IIS Registration Tool (Aspnet_regiis.exe)

    https://msdn.microsoft.com/en-us/library/k6h9cz8h.aspx

    Based on your description, it seems you want to change appSetting section in web.config. As my experience, after you change any values for AppSettings["xyz"], the new value will work for your application. Do you have any problem after you change any value in web.config?

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, November 3, 2016 2:36 AM
  • Hi Edward,

    See this: Encrypting and Decrypting Configuration Sections

    sample: aspnet_regiis -pe "connectionStrings" -app "/myVDir"

    Note: You can see the options pe, pd, pi, px,... in the link you mentioned # ASP.NET IIS Registration Tool (Aspnet_regiis.exe)


    • Edited by junidev Thursday, November 3, 2016 11:29 AM
    Thursday, November 3, 2016 11:17 AM
  • Hi DD,

    Thanks for more detailed information.

    >> Is a decipher being made on every appSettings access or the appSettings deciphered values are kept in cache, resulting in only the first access being deciphered?

    In my option, the appSettings deciphered values are calculated once and then cached across subsequent request like normally configuration settings.

    These settings are calculated once and then cached across subsequent requests. ASP.NET automatically watches for file changes and re-computes the cache when any of the configuration files change within that file's hierarchy. When the server receives a request for a particular URL, ASP.NET uses the hierarchy of configuration settings in the cache to find the requested resource.

    You could refer the link below for more information.

    # Calculating Configuration Settings at Run Time

    https://msdn.microsoft.com/en-us/library/ms178685.aspx

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by junidev Wednesday, November 9, 2016 5:05 PM
    Friday, November 4, 2016 7:05 AM