Encrypting Custom Configuration Sections

Monday, January 9, 2006

The ASP.NET IIS Registration Tool (Aspnet_regiis.exe) can encrypt and decrypt sections of web.config. There is no special code required in an application, as ASP.NET 2.0 will magically decrypt sections at runtime.

The tool and runtime can also work together to encrypt and decrypt custom configuration sections. So if I have the following in web.config:

<configSections>
   <
section
      
name="sampleSection"
      
type="System.Configuration.SingleTagSectionHandler"
   />
</
configSections>

<
MySecrets
   FavoriteMusic="Disco"
   
FavoriteLanguage="COBOL"
   
DreamJob="Dancing in the opening ceremonies of the Olympics"
/>

All I need to do from the command line, is:

aspnet_regiis -pef MySecrets .

It’s easier than a double pirouette…


Comments
Glyn Simpson Tuesday, January 10, 2006
Is this based on some unique machine identifier? Could I encrypt parts of a web.config on one machine and then deploy on another and expect it to work?

If so, that's smart!

Glyn
scott Tuesday, January 10, 2006
Glyn:

Well, no, not that smart.

The example I have in the post will use a machine-specific key.

If you want to encrypt once and share amoung servers you'll need to use custom keys and the RSA provider, more details here: http://msdn2.microsoft.com/en-us/library/68ze1hb2(en-US,VS.80).aspx
Pawan Kamboj Thursday, February 11, 2010
Use this below lines to enc and dec particular section in web.config file


For encrypt: aspnet_regiis.exe -pef "appSettings" "C:\temp"


For decrypt: aspnet_regiis.exe -pdf "appSettings" "C:\temp"


Here "C:\temp" is the physical location where the web.config file should exist
gravatar Pawan Friday, August 27, 2010
Scott,
i am having issue while encryption in custom section.following is the configuration setting

<configSections>
<section
name="Pawan"
type="System.Configuration.SingleTagSectionHandler"
/>
</configSections>

<Pawan>
<Resources>
<Properties>

</Properties>
<Resources>
<add name="ConnectionString"
connectionString="Initial Catalog=DB;
data source=localhost;user id=sa;password=sa;"/>
</Resources>
</Resources>
<pawan/>

when i am trying to encrypt above connection string i am getting error section not found here you go for command


aspnet_regiis -pef "connectionStrings" "D:\TestProject\EncryptandDecrypt" prov "DataProtectionConfigurationProvider"


could you please help on the same

Thanks
Pawan Pawar
gravatar ericm Thursday, September 2, 2010
I don't get it. You open a command prompt and navigate to a folder and run regiis and it looks for an app.config or a web.config automatically? Is the 'System.Configuration.SingleTagSectionHandler' required? I've never seen that.

PAWAN... why do you have a Resources node in a Resources node? I don't think that is supported.
gravatar Teldin Tuesday, October 26, 2010
This is very nice, thank you.

TIP: best to run this command from your root web folder (where your web.config resides)

C:\inetpub\wwwroot>C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis -pef "connectionStrings" .
Comments are now closed.
by K. Scott Allen K.Scott Allen
My Pluralsight Courses
The Podcast!