how to encrypt my webconfig file

Question

User286910929 posted

hi

This is my code..

<location path="d.aspx">
  <system.web>
  
   <authorization>
       <allow users="User4"/>
       <deny users="*"/>  
    </authorization>

  </system.web>
</location>
<location path="e.aspx">
  <system.web>
  
   <authorization>
       <allow users="User2"/>
       <deny users="*"/>  
    </authorization>

  </system.web>
</location>

If any one opens then it should shows encrypt data..

how to do so..?

Thanks 

Answer 1

User-1822989843 posted

Check this link:

http://www.dotnetvishal.com/2012/11/encrypt-your-webconfig.html

Answer 2

User-782344923 posted

<location path="d.aspx">
  <system.web>
  
   <authorization>
       <allow users="User4"/>
       <deny users="*"/>
    </authorization>

  </system.web>
</location>
<location path="e.aspx">
  <system.web>
  
   <authorization>
       <allow users="User2"/>
       <deny users="*"/>
    </authorization>

  </system.web>
</location>

Hi Priya,

Use this MSDN link to encrpt web.config file

http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx

Let me know if any query remains

Cheers.

Answer 3

User286910929 posted

I used the above link

im getting this error why.. im using asp.net 2.0

Line 24:         //1.RSAProtectedConfigurationProvider
Line 25:         //2.DataProtectionConfigurationProvider
Line 26: ProtectSection("connectionStrings", Line 27:         "DataProtectionConfigurationProvider");
Line 28:     }

Answer 4

User-1822989843 posted

Try this:

EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");

Refer this as well:

http://forums.asp.net/t/1861114.aspx/1?Protecting+my+passwords+in+web+config

Answer 5

User286910929 posted

Hi..

Can you post a complete code how to encrypt my webconfig and decrypt using asp.net button im using asp.net 2.0 C#...

Thank you

Answer 6

User286910929 posted

Try this:

EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");

Refer this as well:

http://forums.asp.net/t/1861114.aspx/1?Protecting+my+passwords+in+web+config

error

Line 21:     protected void btnEncript_Click(object sender, EventArgs e)
Line 22:     {
Line 23: EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider"); Line 24:        
Line 25:     }

 

Answer 7

User286910929 posted

Try this:

EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");

Refer this as well:

http://forums.asp.net/t/1861114.aspx/1?Protecting+my+passwords+in+web+config

This is my complete aspx c# page

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Web.Configuration;

public partial class Default2 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    private void ProtectSection(string sectionName, string provider)
    {
        Configuration config =
            WebConfigurationManager.
                OpenWebConfiguration(Request.ApplicationPath);

        ConfigurationSection section =
                     config.GetSection(sectionName);

        if (section != null &&
                  !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(provider);
            config.Save();
        }
    }



    protected void Button1_Click(object sender, EventArgs e)
    {


        ProtectSection();
    }

    private void UnProtectSection(string sectionName)
    {
        Configuration config =
            WebConfigurationManager.
                OpenWebConfiguration(Request.ApplicationPath);

        ConfigurationSection section =
                  config.GetSection(sectionName);

        if (section != null &&
              section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }

    void Application_Start(object sender, EventArgs e)
    {
        // Code that runs on application startup
        ProtectSection("appSettings", "DataProtectionConfigurationProvider");
        ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/identity", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/httpCookies", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/httpHandlers", "DataProtectionConfigurationProvider");
        //ProtectSection("system.web/compilation", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/authentication", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/membership", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/profile", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/roleManager", "DataProtectionConfigurationProvider");
        ProtectSection("system.web/pages", "DataProtectionConfigurationProvider");
        ProtectSection("system.webServer/validation", "DataProtectionConfigurationProvider");
        ProtectSection("system.webServer/handlers", "DataProtectionConfigurationProvider");

    }

    void Application_End(object sender, EventArgs e)
    {
        //  Code that runs on application shutdown

    }

    void Application_Error(object sender, EventArgs e)
    {
        // Code that runs when an unhandled error occurs

    }

    void Session_Start(object sender, EventArgs e)
    {
        // Code that runs when a new session is started

    }

    void Session_End(object sender, EventArgs e)
    {
        // Code that runs when a session ends.
        // Note: The Session_End event is raised only when the sessionstate mode
        // is set to InProc in the Web.config file. If session mode is set to StateServer
        // or SQLServer, the event is not raised.

    }
    protected void Button2_Click(object sender, EventArgs e)
    {
        UnProtectSection();
    }
}

Im getting this error

Compiler Error Message: CS1501: No overload for method 'ProtectSection' takes '0' arguments

Source Error:

Line 41: Line 42: Line 43: ProtectSection(); Line 44: } Line 45:

Why 

Answer 8

User-1822989843 posted

May I know what is the error? You are not using any connection string in your web.config.. That is why u are getting the error..

That is not possible using this method.. Bye the way what portion do you want to get encrypted//

Here is links to start with:

http://sharpertutorials.com/webconfig-encryption/

http://adamjohnston.me/2012/10/19/encrypting-asp-net-appsettings-web-config-file/

http://geekswithblogs.net/afeng/archive/2006/12/10/100821.aspx

http://msdn.microsoft.com/en-us/library/zhhddkxy%28v=vs.100%29.aspx

Answer 9

User286910929 posted

Hi..

I have my webconfig file in that i need to encrypt this secctions 

connectionStrings,system.web/authentication,system.web/httpCookies

Let me know how would be my c# code...

Thank you

Answer 10

User286910929 posted

I need to encrypt this

<location path="a.aspx">
<system.web>

<authorization>
<allow users="User1,User2"/>
<deny users="*"/>
</authorization>

</system.web>
</location>

so how would be my code

 WebConfigEncryption.EncryptSection("");

For connection string i used below its working fine

 WebConfigEncryption.EncryptSection("connectionStrings");

Answer 11

User71929859 posted

Hello,

Priya_here

If any one opens then it should shows encrypt data..

how to do so..?

If you are talking about users opening the web.config file through the browser, then you don't have to worry about it. web.config is by default highly secured and cannot be access through a web request. 

If you need to encrpyt your web.config file when someone physically opens it, the following MSDN article will help you to acheive it.

http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx