web config encryption

Question

User-541003552 posted

Is is possible to encrypt the web config file after deployment and if possible how do i do dat

Answer 1

User1564875471 posted

People usually don't encrypt the whole file, they encrypt only the sensitive sections thta contains the user/passwords. Examples on these sections are "connectionStrings" and "Imporsenate" sections.

Here is an example using the aspnet_regiis tool

http://msdn.microsoft.com/library/dtkwfdky.aspx

Of course, the tool need to be run on the server which hosts your app, so you need to have remote admin access to the server.

Answer 2

User368552557 posted

Here are the commands to encrypt web.config file without any programming...

For encryption

aspnet_regiis -pef "Section" "Path exluding web.config"

For Decryption

aspnet_regiis -pdf "Section" "Path exluding web.config"

Answer 3

User-1635195291 posted

Hi KeeEdwins,

I believe there are two ways of doing this:

using aspnet_regiis using DPAPI or RSA, or doing it programmatically.

The programmatic way can be handy, particularly if you also like to encrypt app.config.

From my experiences of using this, if you write a custom configuration section, you have install the DLL containing the classes for that section into the GAC. For a project I was working I basically scripted the following approach:

• Copy config DLL to GAC.
• Perform encryption.
• Remove config DLL from GAC.

Chances are if you are just encrypting connection strings then this won't be a problem. You also need to be bear in mind whether you want to encrypt on a machine wide basis or to a specific user account- both options can be useful depending on your scenario. For simplicity I stuck to machine wide encryption. The links I have provided explain the merits of both approaches.

Source: Encrypting Web.Config

• How to Encrypt connection string in web.config
• Encrypt your web.config file

Hope this helps.

Thanks,

Jatin

Answer 4

User-1961616419 posted

Read the following articles. it will surely help you.

How to Encrypt connection string in web.config | How to Decrypt connection string in web.config

Encrypt and Decrypt connectionString in web.config file using code in asp.net

Answer 5

User-541003552 posted

hi trying to use the code behind method but this is the error i get

System.Security.Cryptography.CryptographicException: Object already exists.

How can i fix it.

This is the code below

  protected void BtnEncrypt_Click(object sender, EventArgs e)
    {
        Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection configSect = confg.GetSection(section);
        if (configSect != null)
        {
            configSect.SectionInformation.ProtectSection(provider);
            confg.Save();
        }
    }
    protected void BtnDecrypt_Click(object sender, EventArgs e)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection configSect = config.GetSection(section);
        if (configSect.SectionInformation.IsProtected)
        {
            configSect.SectionInformation.UnprotectSection();
            config.Save();
        }
    }

Answer 6

User-1426144113 posted

Hi,

Which line of code that you get that error?

Thanks

Answer 7

User-1454326058 posted

Hi KeeEdwins,

Thanks for your post!

Based on my test. we will get that error if we run it without administrator permissions. So I suggest that you can run your VS as administrator.

I also tried to publish that project and it works fine.

Thanks

Best Regards