locked
how to encrypt only the password in the web.config file RRS feed

  • Question

  • User-1410783915 posted

    For my asp.net web application, I have a connection string that uses a username and password. Is there a way to encrypt only the password? Also I need the encryption to not occur in the C# code. So if only the password is encrypted, how can I encrypt it not using the C# code? Does Visual Studio have any built in technology to encrypt a password?

    Wednesday, February 14, 2018 6:00 PM

Answers

  • User283571144 posted

    Hi Gleeming,

    Gleeming

    For my asp.net web application, I have a connection string that uses a username and password. Is there a way to encrypt only the password? Also I need the encryption to not occur in the C# code. So if only the password is encrypted, how can I encrypt it not using the C# code? Does Visual Studio have any built in technology to encrypt a password?

    As far as I know, we couldn't only encrypt the  password in the web.config file. We could just encrypt the whole connection string in web.config.

    According to your description, I suggest you could consider using the ASP.NET IIS Registration Tool (Aspnet_regiis.exe) to encrypt or decrypt sections of a Web configuration file. ASP.NET will automatically decrypt encrypted configuration elements when the Web.config file is processed.

    Command as below:

    ASPNET_REGIIS -pef "connectionStrings" "D:\Articles\EncryptWebConfig"
    

    More details about how to use it, you could refer to below article.

    https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx

    https://www.codeproject.com/Tips/795135/Encrypt-ConnectionString-in-Web-Config

    Best Regards,

    Brando

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, February 15, 2018 5:15 AM