Answered by:
web config encryption

Question
-
User-541003552 posted
Is is possible to encrypt the web config file after deployment and if possible how do i do dat
Thursday, September 5, 2013 12:10 PM
Answers
-
User1564875471 posted
People usually don't encrypt the whole file, they encrypt only the sensitive sections thta contains the user/passwords. Examples on these sections are "connectionStrings" and "Imporsenate" sections.
Here is an example using the aspnet_regiis tool
http://msdn.microsoft.com/library/dtkwfdky.aspx
Of course, the tool need to be run on the server which hosts your app, so you need to have remote admin access to the server.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Thursday, September 5, 2013 5:34 PM -
User368552557 posted
Here are the commands to encrypt web.config file without any programming...
For encryption
aspnet_regiis -pef "Section" "Path exluding web.config"
For Decryption
aspnet_regiis -pdf "Section" "Path exluding web.config"
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Thursday, September 5, 2013 9:12 PM -
User-1635195291 posted
Hi KeeEdwins,
I believe there are two ways of doing this:
using aspnet_regiis using DPAPI or RSA, or doing it programmatically.
The programmatic way can be handy, particularly if you also like to encrypt app.config.
From my experiences of using this, if you write a custom configuration section, you have install the DLL containing the classes for that section into the GAC. For a project I was working I basically scripted the following approach:
- Copy config DLL to GAC.
- Perform encryption.
- Remove config DLL from GAC.
Chances are if you are just encrypting connection strings then this won't be a problem. You also need to be bear in mind whether you want to encrypt on a machine wide basis or to a specific user account- both options can be useful depending on your scenario. For simplicity I stuck to machine wide encryption. The links I have provided explain the merits of both approaches.
Source: Encrypting Web.Config
Hope this helps.
Thanks,
Jatin
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Thursday, September 5, 2013 9:28 PM -
User-1961616419 posted
Read the following articles. it will surely help you.
How to Encrypt connection string in web.config | How to Decrypt connection string in web.config
Encrypt and Decrypt connectionString in web.config file using code in asp.net
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Friday, September 6, 2013 7:59 AM -
User-1454326058 posted
Hi KeeEdwins,
Thanks for your post!
Based on my test. we will get that error if we run it without administrator permissions. So I suggest that you can run your VS as administrator.
I also tried to publish that project and it works fine.
Thanks
Best Regards
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, September 9, 2013 1:50 AM
All replies
-
User1564875471 posted
People usually don't encrypt the whole file, they encrypt only the sensitive sections thta contains the user/passwords. Examples on these sections are "connectionStrings" and "Imporsenate" sections.
Here is an example using the aspnet_regiis tool
http://msdn.microsoft.com/library/dtkwfdky.aspx
Of course, the tool need to be run on the server which hosts your app, so you need to have remote admin access to the server.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Thursday, September 5, 2013 5:34 PM -
User368552557 posted
Here are the commands to encrypt web.config file without any programming...
For encryption
aspnet_regiis -pef "Section" "Path exluding web.config"
For Decryption
aspnet_regiis -pdf "Section" "Path exluding web.config"
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Thursday, September 5, 2013 9:12 PM -
User-1635195291 posted
Hi KeeEdwins,
I believe there are two ways of doing this:
using aspnet_regiis using DPAPI or RSA, or doing it programmatically.
The programmatic way can be handy, particularly if you also like to encrypt app.config.
From my experiences of using this, if you write a custom configuration section, you have install the DLL containing the classes for that section into the GAC. For a project I was working I basically scripted the following approach:
- Copy config DLL to GAC.
- Perform encryption.
- Remove config DLL from GAC.
Chances are if you are just encrypting connection strings then this won't be a problem. You also need to be bear in mind whether you want to encrypt on a machine wide basis or to a specific user account- both options can be useful depending on your scenario. For simplicity I stuck to machine wide encryption. The links I have provided explain the merits of both approaches.
Source: Encrypting Web.Config
Hope this helps.
Thanks,
Jatin
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Thursday, September 5, 2013 9:28 PM -
User-1961616419 posted
Read the following articles. it will surely help you.
How to Encrypt connection string in web.config | How to Decrypt connection string in web.config
Encrypt and Decrypt connectionString in web.config file using code in asp.net
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Friday, September 6, 2013 7:59 AM -
User-541003552 posted
hi trying to use the code behind method but this is the error i get
System.Security.Cryptography.CryptographicException: Object already exists.
How can i fix it.
This is the code below
protected void BtnEncrypt_Click(object sender, EventArgs e) { Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection configSect = confg.GetSection(section); if (configSect != null) { configSect.SectionInformation.ProtectSection(provider); confg.Save(); } } protected void BtnDecrypt_Click(object sender, EventArgs e) { Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection configSect = config.GetSection(section); if (configSect.SectionInformation.IsProtected) { configSect.SectionInformation.UnprotectSection(); config.Save(); } }
Friday, September 6, 2013 11:42 AM -
User-1426144113 posted
Hi,
Which line of code that you get that error?
Thanks
Saturday, September 7, 2013 10:43 AM -
User-1454326058 posted
Hi KeeEdwins,
Thanks for your post!
Based on my test. we will get that error if we run it without administrator permissions. So I suggest that you can run your VS as administrator.
I also tried to publish that project and it works fine.
Thanks
Best Regards
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, September 9, 2013 1:50 AM