Encrypting Custom Configuration Sections

The ASP.NET IIS Registration Tool (Aspnet_regiis.exe) can encrypt and decrypt sections of web.config. There is no special code required in an application, as ASP.NET 2.0 will magically decrypt sections at runtime.

The tool and runtime can also work together to encrypt and decrypt custom configuration sections. So if I have the following in web.config:

<configSections>
   <section
      name="MySecrets"
      type="System.Configuration.SingleTagSectionHandler"
   />
</configSections>

<MySecrets
   FavoriteMusic="Disco"
   FavoriteLanguage="COBOL"
   DreamJob="Dancing in the opening ceremonies of the Olympics"
/>

All I need to do from the command line is:

aspnet_regiis -pef MySecrets .

It’s easier than a double pirouette…
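
To confirm the command did its job, check the file afterwards: a protected section carries a configProtectionProvider attribute and holds only an EncryptedData element. The script below is an added example, not part of the original post; the function name Get-ConfigSectionProtection and the sample web.config are constructed for illustration, and it only inspects top-level sections.

```powershell
# Added example: report which top-level sections of a web.config are protected.
# After "aspnet_regiis -pef", a protected section carries a configProtectionProvider
# attribute and contains an <EncryptedData> element instead of its plaintext settings.
function Get-ConfigSectionProtection {
    param([Parameter(Mandatory)][xml]$Config)

    foreach ($node in $Config.DocumentElement.ChildNodes) {
        # Skip comments/whitespace and the <configSections> declarations themselves.
        if ($node.NodeType -ne [System.Xml.XmlNodeType]::Element) { continue }
        if ($node.LocalName -eq 'configSections') { continue }

        $provider  = $node.GetAttribute('configProtectionProvider')
        $encrypted = $node.SelectSingleNode("*[local-name()='EncryptedData']")

        [pscustomobject]@{
            Section   = $node.LocalName
            Protected = ([bool]$provider -and ($null -ne $encrypted))
            Provider  = $(if ($provider) { $provider } else { '(none)' })
        }
    }
}

# Constructed sample: MySecrets is still plaintext, appSettings has been protected.
# The CipherValue is a placeholder, not real ciphertext.
[xml]$sample = @'
<configuration>
  <configSections>
    <section name="MySecrets" type="System.Configuration.SingleTagSectionHandler" />
  </configSections>
  <MySecrets FavoriteMusic="Disco" FavoriteLanguage="COBOL" />
  <appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </appSettings>
</configuration>
'@

Get-ConfigSectionProtection -Config $sample | Format-Table -AutoSize
# To check a real file:
#   Get-ConfigSectionProtection -Config ([xml](Get-Content .\web.config -Raw))
```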

posted @ Monday, January 09, 2006 4:54 AM

Comments on this entry:

# re: Encrypting Custom Configuration Sections
by Glyn Simpson at 1/10/2006 8:13 AM

Is this based on some unique machine identifier? Could I encrypt parts of a web.config on one machine and then deploy on another and expect it to work?

If so, that's smart!

Glyn
  
# re: Encrypting Custom Configuration Sections
by scott at 1/10/2006 4:54 PM

Glyn:

Well, no, not that smart.

The example I have in the post will use a machine-specific key.

If you want to encrypt once and share among servers, you'll need to use custom keys and the RSA provider; more details here: http://msdn2.microsoft.com/en-us/library/68ze1hb2(en-US,VS.80).aspx
  
# re: Encrypting Custom Configuration Sections
by Pawan Kamboj at 2/11/2010 7:00 AM

Use the lines below to encrypt and decrypt a particular section in the web.config file


For encrypt: aspnet_regiis.exe -pef "appSettings" "C:\temp"


For decrypt: aspnet_regiis.exe -pdf "appSettings" "C:\temp"


Here "C:\temp" is the physical location where the web.config file should exist
  
# re: Encrypting Custom Configuration Sections
by Pawan at 8/27/2010 6:37 AM

Scott,
I am having an issue while encrypting a custom section. The following is the configuration setting:

<configSections>
<section
name="Pawan"
type="System.Configuration.SingleTagSectionHandler"
/>
</configSections>

<Pawan>
<Resources>
<Properties>

</Properties>
<Resources>
<add name="ConnectionString"
connectionString="Initial Catalog=DB;
data source=localhost;user id=sa;password=sa;"/>
</Resources>
</Resources>
<pawan/>

When I am trying to encrypt the above connection string, I am getting the error "section not found". Here is the command:


aspnet_regiis -pef "connectionStrings" "D:\TestProject\EncryptandDecrypt" prov "DataProtectionConfigurationProvider"


Could you please help with the same?

Thanks
Pawan Pawar
  
# re: Encrypting Custom Configuration Sections
by ericm at 9/2/2010 12:13 PM

I don't get it. You open a command prompt and navigate to a folder and run regiis and it looks for an app.config or a web.config automatically? Is the 'System.Configuration.SingleTagSectionHandler' required? I've never seen that.

PAWAN... why do you have a Resources node in a Resources node? I don't think that is supported.
  
# re: Encrypting Custom Configuration Sections
by Teldin at 10/26/2010 11:54 AM

This is very nice, thank you.

TIP: best to run this command from your root web folder (where your web.config resides)

C:\inetpub\wwwroot>C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis -pef "connectionStrings" .
  