Encrypting web.config

Are you using .net 2?

Are you using .net 2?

yes.I am using .net 2.0

yes.I am using .net 2.0

You can only encrypt certian sections of the web.config file. The most important ones are your applicationSettings and your connectionStrings.


To encrypt the applicationSettings section:
(Be sure to change "ApplicationName" to the name of your application.)

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• type: aspnet_regiis -pe “appSettings" -app "/ApplicationName" -prov "DataProtectionConfigurationProvider"

To encrypt the connectionStrings section:

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• Execute aspnet_regiis -pe "connectionStrings" -app "/ApplicationName" -prov "DataProtectionConfigurationProvider"

To change the sensitive sections in the web.config back to clear text, execute the following steps on the computer where the web.config file was encrypted.

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• Execute aspnet_regiis -pd "connectionStrings" -app "/ApplicationName"

To change the appSettings section of the web.config file back to clear text:

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• Execute aspnet_regiis -pd "appSettings" -app "/ApplicationName"

Please note that this should be done on the web server where your application is hosted.

Also note that if you encrypt the web.config file on one machine it cannot be used, nor de-encrypted on another machine.

Cheers!

-Frinny

You can only encrypt certian sections of the web.config file. The most important ones are your applicationSettings and your connectionStrings.


To encrypt the applicationSettings section:
(Be sure to change "ApplicationName" to the name of your application.)

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• type: aspnet_regiis -pe “appSettings" -app "/ApplicationName" -prov "DataProtectionConfigurationProvider"

To encrypt the connectionStrings section:

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• Execute aspnet_regiis -pe "connectionStrings" -app "/ApplicationName" -prov "DataProtectionConfigurationProvider"

To change the sensitive sections in the web.config back to clear text, execute the following steps on the computer where the web.config file was encrypted.

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• Execute aspnet_regiis -pd "connectionStrings" -app "/ApplicationName"

To change the appSettings section of the web.config file back to clear text:

• On command line go to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
• Execute aspnet_regiis -pd "appSettings" -app "/ApplicationName"

Please note that this should be done on the web server where your application is hosted.

Also note that if you encrypt the web.config file on one machine it cannot be used, nor de-encrypted on another machine.

Cheers!

-Frinny

Thanks mate.
But my website is hosted on a shared hosting server and I don't have access to the machine.

Thanks mate.
But my website is hosted on a shared hosting server and I don't have access to the machine.

Well that complicates things a lot.
I've never done it any other way because it involves way too much cryptography for my liking.

Maybe ask your administrator/web provider to encrypt the file for you?
Its only 2 or 3 commands on command line.......

-Frinny

Well that complicates things a lot.
I've never done it any other way because it involves way too much cryptography for my liking.

Maybe ask your administrator/web provider to encrypt the file for you?
Its only 2 or 3 commands on command line.......

-Frinny

haha.not sure whether those guys would do it.thanks anyway.