Friday, August 15, 2008

How to Encrypt or Decrypt sections of Configuration file.

It is always good practice to protect sensitive information in configuration files. The connectionStrings section should never be left easily readable, and it is sometimes also necessary to encrypt the appSettings section when it holds sensitive data. You know why…?

In this post I will walk through the steps required to encrypt and decrypt sections of a configuration file.

The .NET Framework ships two providers for this purpose:
RsaProtectedConfigurationProvider and DpapiProtectedConfigurationProvider.
Here I will use RsaProtectedConfigurationProvider.

 
Step 1) First of all, add the provider to the configuration section of the web.config file you want to work with. The provider does the actual processing when the commands in steps 3 and 4 run.

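[sourcecode language='html']
<configuration>
  <configProtectedData>
    <providers>
      <!-- "MyRsaProvider" is a placeholder provider name -->
      <add name="MyRsaProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider"
           keyContainerName="NetFrameworkConfigurationKey"/>
    </providers>
  </configProtectedData>
</configuration>
[/sourcecode]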

RsaProtectedConfigurationProvider requires a key container for encryption and decryption. The container holds the private\public keys that the attached provider uses during both operations.

NetFrameworkConfigurationKey: This is the default key container shipped by Microsoft. You can also create your own key container that includes the private\public keys required for encryption\decryption. To avoid confusion I will cover those steps in my next article.

Note: Because we are using the default key container "NetFrameworkConfigurationKey", you can skip the first step. The machine.config file already supplies it, because it includes declarations for both providers ("RsaProtectedConfigurationProvider" and "DpapiProtectedConfigurationProvider"). The step is still helpful when you create your own key container.



Step 2) After adding the provider in Step 1, open the Visual Studio command prompt. To access the "NetFrameworkConfigurationKey" key container, your "ASPNET" account must have permission on it. Run the command below to grant access.

aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"

 

Step 3) Run the command below to encrypt the connectionStrings section of the web.config file located in the virtual directory named "MyWebApplication".

aspnet_regiis -pe connectionStrings -app /MyWebApplication

 

Step 4) Run the command below to decrypt the connectionStrings section of the web.config file located in the virtual directory named "MyWebApplication".

aspnet_regiis -pd connectionStrings -app /MyWebApplication

Note: You can replace "connectionStrings" with the name of whichever section you want to encrypt\decrypt.
E.g.: aspnet_regiis -pe appSettings -app /MyWebApplication
This will encrypt the "appSettings" section of the web.config file located in the virtual directory named "MyWebApplication".

To get more help about aspnet_regiis, use the command below:
aspnet_regiis help
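
To confirm that step 3 took effect, or that step 4 has left a section readable, you can inspect the web.config itself: a protected section carries a configProtectionProvider attribute and an EncryptedData child instead of its normal contents. The PowerShell check below is an added example, not part of the original post; the function name Test-ConfigSectionProtection and the sample configuration are constructed for illustration.

```powershell
# Constructed sample: connectionStrings as left by "aspnet_regiis -pe",
# appSettings still in clear text. The cipher text is a placeholder.
$sampleConfig = @'
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="SampleKey" value="constructed-sample-value" />
  </appSettings>
</configuration>
'@

# Hypothetical helper: reports whether top-level sections are encrypted.
function Test-ConfigSectionProtection {
    param(
        [Parameter(Mandatory = $true)] [string] $ConfigXml,
        [string[]] $Sections = @('connectionStrings', 'appSettings')
    )
    $xmlenc = 'http://www.w3.org/2001/04/xmlenc#'
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)
    foreach ($name in $Sections) {
        # local-name() keeps the lookup working if <configuration> declares a default namespace
        $node = $doc.SelectSingleNode("/*[local-name()='configuration']/*[local-name()='$name']")
        $state = 'ClearText'; $provider = $null
        if ($null -eq $node) {
            $state = 'Absent'
        } elseif ($node.GetAttribute('configSource')) {
            $state = 'External'   # content lives in another file; check that file instead
        } else {
            $provider = $node.GetAttribute('configProtectionProvider')
            $blob = $node.SelectSingleNode("*[local-name()='EncryptedData' and namespace-uri()='$xmlenc']")
            # Protected only when the provider attribute AND the EncryptedData payload are both present
            if ($provider -and $null -ne $blob) { $state = 'Protected' }
        }
        New-Object PSObject -Property @{ Section = $name; State = $state; Provider = $provider }
    }
}

Test-ConfigSectionProtection -ConfigXml $sampleConfig | Format-Table Section, State, Provider -AutoSize
```

To check a deployed file, pass its text as `-ConfigXml`, for example `(Get-Content <path to web.config> | Out-String)`.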
