Encrypt ASP.NET Configuration in Web.config Using aspnet_regiis.exe

Posted on June 12, 2013 by Jianming Li

Contents

  1. Prerequisites
  2. Note
  3. Examples
    1. Encrypt appSettings section
    2. Decrypt appSettings section for Editing
  4. Encrypt/Decrypt C# Application Config Section
  5. References
 

Prerequisites

* Windows Server 2008 R2
* Run the commands from same directory as web.config:

Note

* No need to decrypt in application code. The encrypted section will be automatically decrypted during runtime.

Examples

Encrypt appSettings section

* Encrypt the whole appSettings section in web.config file.

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe -pef appSettings . -prov DataProtectionConfigurationProvider

* After encryption:

<configuration>
<appSettings configProtectionProvider="DataProtectionConfigurationProvider">
  <EncryptedData>
   <CipherData>
    <CipherValue>...</CipherValue>
   </CipherData>
  </EncryptedData>
</appSettings>
..
</configuration>

Decrypt appSettings section for Editing

 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe -pdf appSettings .

Encrypt/Decrypt C# Application Config Section

* Same approach can be used to encrypt/decrypt C# application config files.
* Follow the steps:
– Rename application config file to web.config
– Run encrypt/decrypt command
– Rename web.config back to application config file name

References

* ASP.NET IIS Registration Tool (Aspnet_regiis.exe)
* Encrypting and Decrypting Configuration Sections

This entry was posted in IIS and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.