Archive

Posts Tagged ‘encrypt’

How to: Encrypt/Decrypt web.config

October 17, 2010 Leave a comment

When you are developing a ASP.NET Web Application, you know that the web.config file is a very important file to your web application. This is because, it contains all/part of your application settings, such as connection strings. So, when you have completed developing your web application and wants to deploy it to the server, you might want to encrypt the web.config file first. This is to make sure that nobody knows what is the content in that web.config file if they manage to get a copy of it. Well of course IIS will not allow any request to view/download the web.config file.

You can encrypt/decrypt the web.config file at any time. Take note that you can ONLY decrypt an encrypted web.config file on the machine that encrypted the web.config. Here is several ways of how you can encrypt your web.config files:

Encrypt

  1. Open up a Command Prompt.
    For Windows XP: press Win+R, then type in “cmd” and hit Enter.
    For Windows Vista/Windows 7: Press start and type “cmd” in the search bar. Click on the “Cmd” program.
  2. Navigate to the the directory “C:\Windows\Microsoft.NET\Framework\v2.0.50727\
  3. Then, type in the following:
    aspnet_regiis -pe “connectionStrings” -app “/SampleApplication” -prov “RsaProtectedConfigurationProvider”

NOTE:

This sample above is to encrypt the “connectionStrings” section for the application “SampleApplication” using the provider “RsaProtectedConfigurationProvider”.

 

Decrypt

  1. Open up a Command Prompt.
    For Windows XP: press Ctrl+R, then type in “cmd” and hit Enter.
    For Windows Vista/Windows 7: Press start and type “cmd” in the search bar. Click on the “Cmd” program.
  2. Navigate to the the directory “C:\Windows\Microsoft.NET\Framework\v2.0.50727\
  3. Then, type in the following:
    aspnet_regiis –pd “connectionStrings” -app “/SampleApplication”
Advertisements
Categories: ASP.NET Tags: , , ,