When decrypting a web.config section using aspnet_regiis will fail

Question

User-540818677 posted

I usually secure the connection string and any confidential data inside my web.config file using these commands:-

aspnet_regiis -pe "customAppSettingsGroup/customAppSettings" -app "/" -prov "DataProtectionConfigurationProvider"

ASPNET_REGIIS -pef "customAppSettingsGroup/customAppSettings" "C:\Backups\MSE\MSE\MSE"

but my question is when decrypting those values will fail? or as long as the web.config is on the same server then we can decrypt the value using Asp.Net_REGIIS? or it depends on the certificate inside the server, so for example if the certificate got updates or changed the decrypt will fail?

Thanks

Answer 1

User475983607 posted

I'm not sure what certificate you are referring to or if you have an actual problem.  The aspnet_regiis support documentation explains how the DataProtectionConfigurationProvider and RsaProtectedConfigurationProvider function. DataProtectionConfigurationProvider is machine specific.

https://docs.microsoft.com/en-us/previous-versions/aspnet/53tyfkaw(v=vs.100)

Consider using the RsaProtectedConfigurationProvider if the ability to deploy the configuration file to other systems is required  The RsaProtectedConfigurationProvider key can be imported/exported.  The key can be user level.  You can control what service accounts can run the code.

https://docs.microsoft.com/en-us/previous-versions/aspnet/yxw286t2(v=vs.100)