TechnicalArchitectureWorx

The (Unofficial) ITWorx Technical Architecture Blog

Encrypting Web.Config Sections in .NET 2.0

Posted by archworx on October 18, 2006

Encrypting sections of your Web.config file that contain sensitive information (such as connection strings) is a security precaution that any decent ASP.NET developer should take, and in .NET 2.0 it couldn’t be easier. You can encrypt any section of your Web.config file from the command line using the aspnet_regiis command, or programmatically from within your code. To do it from the command line, open your Visual Studio Command Prompt and type:

aspnet_regiis -pe "NAME OF YOUR WEB.CONFIG SECTION" -app "/YOUR WEBSITE NAME ON IIS"

Voila… the configuration section you named in the command is now encrypted. Here are screenshots of a connectionStrings section in a web.config file after it has been encrypted.

If you prefer to encrypt a Web.config section programmatically, you can do it through the following code:

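// Requires: using System.Configuration; using System.Web.Configuration;
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
// Encrypt only if the section is not already protected
if (!section.SectionInformation.IsProtected)
{
    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
    config.Save();
}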

You can use this technique if you don’t have full access to the Web Server.
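As an added example (not code from the original post or the referenced article), the helper below toggles protection on a section and shows that reading a protected connection string needs no special code. The names ConfigProtection, SetProtection and ReadConnectionString are hypothetical; the two provider names are the defaults registered in machine.config.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;

// Added example: class and method names are hypothetical.
public static class ConfigProtection
{
    // Default provider names registered in machine.config.
    public const string Dpapi = "DataProtectionConfigurationProvider"; // key is tied to this machine
    public const string Rsa = "RsaProtectedConfigurationProvider";     // key container can be exported to other servers

    // Encrypts or decrypts one section of the application's Web.config in place.
    // Returns true if the file was rewritten, false if it was already in the requested state.
    public static bool SetProtection(string appPath, string sectionName, string provider, bool encrypt)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appPath);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
            throw new ConfigurationErrorsException("No such section: " + sectionName);

        SectionInformation info = section.SectionInformation;
        if (info.IsLocked)
            throw new ConfigurationErrorsException("Section is locked by a parent config: " + sectionName);
        if (info.IsProtected == encrypt)
            return false; // nothing to do

        if (encrypt)
            info.ProtectSection(provider);
        else
            info.UnprotectSection();

        info.ForceSave = true;                       // write the section even though its values are unchanged
        config.Save(ConfigurationSaveMode.Modified); // the process identity needs write access to Web.config
        return true;
    }

    // Reading is unchanged: the runtime decrypts the section transparently on access.
    public static string ReadConnectionString(string name)
    {
        ConnectionStringSettings s = WebConfigurationManager.ConnectionStrings[name];
        return s == null ? null : s.ConnectionString;
    }
}
```

Calling SetProtection(Request.ApplicationPath, "connectionStrings", ConfigProtection.Dpapi, true) once is enough; passing false decrypts the section again so the values can be edited. A section encrypted with the DPAPI provider can only be decrypted on the machine that encrypted it, so a Web.config copied to another server must be encrypted there or use the RSA provider with a shared key container.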

References : http://www.developerfusion.co.uk/show/5263/ 

 

 


2 Responses to “Encrypting Web.Config Sections in .NET 2.0”

  1. Merchants & Southern Bank, Money & Service Online

    Thank you for your post!

  2. Kumar said

    The configuration files were created for easy changing of the strings instead of opening up the whole code.

    For example at the development environment I’ve a database connection string that will / might be different from the one at the production level. Or maybe that at a future date the string might be changed in this case how is it that we can protect / encrypt the config sections.

    Also is any special code needed for reading the encrypted strings?
