Encrypting web.config

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • gomzi
    Contributor
    • Mar 2007
    • 304

    Encrypting web.config

    hi,
    I would like to know as to how I could encrypt my web.config file.
    I am currently hosting my website with a web hosting provider on a shared hosting account.
    thanks,
    gomzi.
  • kenobewan
    Recognized Expert Specialist
    • Dec 2006
    • 4871

    #2
    Are you using .net 2?

    Comment

    • gomzi
      Contributor
      • Mar 2007
      • 304

      #3
      Originally posted by kenobewan
      Are you using .net 2?
      yes.I am using .net 2.0

      Comment

      • Frinavale
        Recognized Expert Expert
        • Oct 2006
        • 9749

        #4
        Originally posted by gomzi
        yes.I am using .net 2.0
        You can only encrypt certian sections of the web.config file. The most important ones are your applicationSett ings and your connectionStrin gs.


        To encrypt the applicationSett ings section:
        (Be sure to change "ApplicationNam e" to the name of your application.)
        • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
        • type: aspnet_regiis -pe “appSettings" -app "/ApplicationName " -prov "DataProtection ConfigurationPr ovider"


        To encrypt the connectionStrin gs section:
        • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
        • Execute aspnet_regiis -pe "connectionStri ngs" -app "/ApplicationName " -prov "DataProtection ConfigurationPr ovider"


        To change the sensitive sections in the web.config back to clear text, execute the following steps on the computer where the web.config file was encrypted.
        • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
        • Execute aspnet_regiis -pd "connectionStri ngs" -app "/ApplicationName "

        To change the appSettings section of the web.config file back to clear text:
        • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
        • Execute aspnet_regiis -pd "appSetting s" -app "/ApplicationName "


        Please note that this should be done on the web server where your application is hosted.

        Also note that if you encrypt the web.config file on one machine it cannot be used, nor de-encrypted on another machine.

        Cheers!

        -Frinny

        Comment

        • gomzi
          Contributor
          • Mar 2007
          • 304

          #5
          Originally posted by Frinavale
          You can only encrypt certian sections of the web.config file. The most important ones are your applicationSett ings and your connectionStrin gs.


          To encrypt the applicationSett ings section:
          (Be sure to change "ApplicationNam e" to the name of your application.)
          • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
          • type: aspnet_regiis -pe “appSettings" -app "/ApplicationName " -prov "DataProtection ConfigurationPr ovider"


          To encrypt the connectionStrin gs section:
          • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
          • Execute aspnet_regiis -pe "connectionStri ngs" -app "/ApplicationName " -prov "DataProtection ConfigurationPr ovider"


          To change the sensitive sections in the web.config back to clear text, execute the following steps on the computer where the web.config file was encrypted.
          • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
          • Execute aspnet_regiis -pd "connectionStri ngs" -app "/ApplicationName "

          To change the appSettings section of the web.config file back to clear text:
          • On command line go to C:\WINDOWS\Micr osoft.NET\Frame work\v2.0.50727
          • Execute aspnet_regiis -pd "appSetting s" -app "/ApplicationName "


          Please note that this should be done on the web server where your application is hosted.

          Also note that if you encrypt the web.config file on one machine it cannot be used, nor de-encrypted on another machine.

          Cheers!

          -Frinny

          Thanks mate.
          But my website is hosted on a shared hosting server and I don't have access to the machine.

          Comment

          • Frinavale
            Recognized Expert Expert
            • Oct 2006
            • 9749

            #6
            Originally posted by gomzi
            Thanks mate.
            But my website is hosted on a shared hosting server and I don't have access to the machine.
            Well that complicates things a lot.
            I've never done it any other way because it involves way too much cryptography for my liking.

            Maybe ask your administrator/web provider to encrypt the file for you?
            Its only 2 or 3 commands on command line.......

            -Frinny

            Comment

            • gomzi
              Contributor
              • Mar 2007
              • 304

              #7
              Originally posted by Frinavale
              Well that complicates things a lot.
              I've never done it any other way because it involves way too much cryptography for my liking.

              Maybe ask your administrator/web provider to encrypt the file for you?
              Its only 2 or 3 commands on command line.......

              -Frinny
              haha.not sure whether those guys would do it.thanks anyway.

              Comment

              Working...