Encrypting Custom Configuration Sections

<< Some Feedback | Home | Pushing Software Out The Door >>

Encrypting Custom Configuration Sections

The ASP.NET IIS Registration Tool (Aspnet_regiis.exe) can encrypt and decrypt sections of web.config. There is no special code required in an application, as ASP.NET 2.0 will magically decrypt sections at runtime.

The tool and runtime can also work together to encrypt and decrypt custom configuration sections. So if I have the following in web.config:

<configSections>
   <section 
      name="sampleSection" 
      type="System.Configuration.SingleTagSectionHandler" 
   />
</configSections>

<MySecrets
   FavoriteMusic="Disco" 
   FavoriteLanguage="COBOL" 
   DreamJob="Dancing in the opening ceremonies of the Olympics" 
/>

All I need to do from the command line, is:

aspnet_regiis -pef MySecrets . 

It’s easier than a double pirouette…

Print | posted @ Monday, January 09, 2006 4:54 AM

Comments on this entry:

# re: Encrypting Custom Configuration Sections

by Glyn Simpson at 1/10/2006 8:13 AM

Is this based on some unique machine identifier? Could I encrypt parts of a web.config on one machine and then deploy on another and expect it to work?

If so, that's smart!

Glyn

# re: Encrypting Custom Configuration Sections

by scott at 1/10/2006 4:54 PM

Glyn:

Well, no, not that smart.

The example I have in the post will use a machine-specific key.

If you want to encrypt once and share amoung servers you'll need to use custom keys and the RSA provider, more details here: http://msdn2.microsoft.com/en-us/library/68ze1hb2(en-US,VS.80).aspx

# re: Encrypting Custom Configuration Sections

by Pawan Kamboj at 2/11/2010 7:00 AM

Use this below lines to enc and dec particular section in web.config file

For encrypt: aspnet_regiis.exe -pef "appSettings" "C:\temp"

For decrypt: aspnet_regiis.exe -pdf "appSettings" "C:\temp"

Here "C:\temp" is the physical location where the web.config file should exist