locked
how to encrypt my webconfig file RRS feed

  • Question

  • User286910929 posted

    hi

    This is my code..

    <location path="d.aspx">
      <system.web>
      
       <authorization>
           <allow users="User4"/>
           <deny users="*"/>  
        </authorization>
    
      </system.web>
    </location>
    <location path="e.aspx">
      <system.web>
      
       <authorization>
           <allow users="User2"/>
           <deny users="*"/>  
        </authorization>
    
      </system.web>
    </location>




    If any one opens then it should shows encrypt data..

    how to do so..?

    Thanks 

    Tuesday, December 18, 2012 1:26 AM

Answers

All replies

  • Tuesday, December 18, 2012 1:29 AM
  • User-782344923 posted

    <location path="d.aspx">
      <system.web>
      
       <authorization>
           <allow users="User4"/>
           <deny users="*"/>
        </authorization>
    
      </system.web>
    </location>
    <location path="e.aspx">
      <system.web>
      
       <authorization>
           <allow users="User2"/>
           <deny users="*"/>
        </authorization>
    
      </system.web>
    </location>

    Hi Priya,

    Use this MSDN link to encrpt web.config file

    http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx

    Let me know if any query remains

    Cheers.

    Tuesday, December 18, 2012 1:33 AM
  • User286910929 posted

    I used the above link

    im getting this error why.. im using asp.net 2.0

    Line 24:         //1.RSAProtectedConfigurationProvider
    Line 25:         //2.DataProtectionConfigurationProvider
    Line 26: ProtectSection("connectionStrings", Line 27:         "DataProtectionConfigurationProvider");
    Line 28:     }
    Tuesday, December 18, 2012 1:45 AM
  • User-1822989843 posted

    Try this:

    EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");

    Refer this as well:

    http://forums.asp.net/t/1861114.aspx/1?Protecting+my+passwords+in+web+config

    Tuesday, December 18, 2012 1:53 AM
  • User286910929 posted

    Hi..

    Can you post a complete code how to encrypt my webconfig and decrypt using asp.net button im using asp.net 2.0 C#...

    Thank you

    Tuesday, December 18, 2012 1:54 AM
  • User286910929 posted

    Try this:

    EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");

    Refer this as well:

    http://forums.asp.net/t/1861114.aspx/1?Protecting+my+passwords+in+web+config

    error

    Line 21:     protected void btnEncript_Click(object sender, EventArgs e)
    Line 22:     {
    Line 23: EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider"); Line 24:        
    Line 25:     }

     

    Tuesday, December 18, 2012 1:55 AM
  • User286910929 posted

    Try this:

    EncryptionUtility.ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");

    Refer this as well:

    http://forums.asp.net/t/1861114.aspx/1?Protecting+my+passwords+in+web+config

    This is my complete aspx c# page

    using System;
    using System.Data;
    using System.Configuration;
    using System.Collections;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Web.UI.HtmlControls;
    using System.Web.Configuration;
    
    public partial class Default2 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
    
        }
    
        private void ProtectSection(string sectionName, string provider)
        {
            Configuration config =
                WebConfigurationManager.
                    OpenWebConfiguration(Request.ApplicationPath);
    
            ConfigurationSection section =
                         config.GetSection(sectionName);
    
            if (section != null &&
                      !section.SectionInformation.IsProtected)
            {
                section.SectionInformation.ProtectSection(provider);
                config.Save();
            }
        }
    
    
    
        protected void Button1_Click(object sender, EventArgs e)
        {
    
    
            ProtectSection();
        }
    
        private void UnProtectSection(string sectionName)
        {
            Configuration config =
                WebConfigurationManager.
                    OpenWebConfiguration(Request.ApplicationPath);
    
            ConfigurationSection section =
                      config.GetSection(sectionName);
    
            if (section != null &&
                  section.SectionInformation.IsProtected)
            {
                section.SectionInformation.UnprotectSection();
                config.Save();
            }
        }
    
        void Application_Start(object sender, EventArgs e)
        {
            // Code that runs on application startup
            ProtectSection("appSettings", "DataProtectionConfigurationProvider");
            ProtectSection("connectionStrings", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/identity", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/httpCookies", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/httpHandlers", "DataProtectionConfigurationProvider");
            //ProtectSection("system.web/compilation", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/authentication", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/membership", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/profile", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/roleManager", "DataProtectionConfigurationProvider");
            ProtectSection("system.web/pages", "DataProtectionConfigurationProvider");
            ProtectSection("system.webServer/validation", "DataProtectionConfigurationProvider");
            ProtectSection("system.webServer/handlers", "DataProtectionConfigurationProvider");
    
        }
    
        void Application_End(object sender, EventArgs e)
        {
            //  Code that runs on application shutdown
    
        }
    
        void Application_Error(object sender, EventArgs e)
        {
            // Code that runs when an unhandled error occurs
    
        }
    
        void Session_Start(object sender, EventArgs e)
        {
            // Code that runs when a new session is started
    
        }
    
        void Session_End(object sender, EventArgs e)
        {
            // Code that runs when a session ends.
            // Note: The Session_End event is raised only when the sessionstate mode
            // is set to InProc in the Web.config file. If session mode is set to StateServer
            // or SQLServer, the event is not raised.
    
        }
        protected void Button2_Click(object sender, EventArgs e)
        {
            UnProtectSection();
        }
    }
    



    Im getting this error

    Compiler Error Message: CS1501: No overload for method 'ProtectSection' takes '0' arguments

    Source Error:

    Line 41: 
    Line 42: 
    Line 43: ProtectSection(); Line 44:     }
    Line 45: 


    Why 

    Tuesday, December 18, 2012 2:03 AM
  • User-1822989843 posted

    May I know what is the error? You are not using any connection string in your web.config.. That is why u are getting the error..

    That is not possible using this method.. Bye the way what portion do you want to get encrypted//

    Here is links to start with:

    http://sharpertutorials.com/webconfig-encryption/

    http://adamjohnston.me/2012/10/19/encrypting-asp-net-appsettings-web-config-file/

    http://geekswithblogs.net/afeng/archive/2006/12/10/100821.aspx

    http://msdn.microsoft.com/en-us/library/zhhddkxy%28v=vs.100%29.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 18, 2012 2:06 AM
  • User286910929 posted

    Hi..

    I have my webconfig file in that i need to encrypt this secctions 

    connectionStrings,system.web/authentication,system.web/httpCookies
    Let me know how would be my c# code...
    Thank you
    Tuesday, December 18, 2012 2:14 AM
  • User286910929 posted

    I need to encrypt this

    <location path="a.aspx">
    <system.web>

    <authorization>
    <allow users="User1,User2"/>
    <deny users="*"/>
    </authorization>

    </system.web>
    </location>

    so how would be my code

     WebConfigEncryption.EncryptSection("");

    For connection string i used below its working fine

     WebConfigEncryption.EncryptSection("connectionStrings");

    Tuesday, December 18, 2012 2:22 AM
  • User71929859 posted

    Hello,

    Priya_here

    If any one opens then it should shows encrypt data..

    how to do so..?

    If you are talking about users opening the web.config file through the browser, then you don't have to worry about it. web.config is by default highly secured and cannot be access through a web request. 

    If you need to encrpyt your web.config file when someone physically opens it, the following MSDN article will help you to acheive it.

    http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx

    Tuesday, December 18, 2012 4:01 AM