How to Encrypt Configuration Sections in ASP.NET


Steps to Encrypt the Connection Strings


Create RSA Key Container

Run Command Prompt and enter:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis -pc "CustomKey" -exp


Check RSA Key Container

Browse to the directory
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
using Windows Explorer. Make sure there are files inside.

Adding a Custom Protected Configuration Provider

Back up the web.config before continuing.
Add these 5 lines above the <connectionStrings> element in the Web.config found in the root directory of the website.
	<configProtectedData>
		<providers>
			<add keyContainerName="CustomKey" useMachineContainer="true" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" name="CustomProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
		</providers>
	</configProtectedData>


Encrypt the Connection Strings

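Run the following command from a Command Prompt. The -prov value is the name of the provider added to Web.config in the previous step, so that the section is encrypted with the "CustomKey" RSA key container:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis -pe "connectionStrings" -prov "CustomProvider"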

If the website is not the Default Web Site, you will have to add -site "Site Name" or -app "/VirtualDirectoryName", depending on whether it is set up as a Website or a Virtual Directory.

You can also enter the physical path instead of choosing the site or virtual directory. The section name comes first, then the path, and the path must not end with a backslash before the closing quote:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis -pef "connectionStrings" "D:\Website" -prov "CustomProvider"


Check the Web.config

Lastly, check the Web.config to see if the connectionStrings has been encrypted or not.
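
The check above can be scripted. The following PowerShell is an added example, not part of the original page: the function name Get-ConnectionStringsProblems is hypothetical and both sample documents are constructed. It reports whether the section is encrypted, whether any plaintext entries remain, and whether it was protected with the provider declared in <configProtectedData>.

```powershell
# Added example, not from the original page; assumes <configuration> has no xmlns.
function Get-ConnectionStringsProblems {
    param([Parameter(Mandatory)][xml]$Config, [string]$ExpectedProvider = 'CustomProvider')
    $section = $Config.SelectSingleNode('/configuration/connectionStrings')
    if (-not $section) { 'no <connectionStrings> section'; return }
    $provider = $section.GetAttribute('configProtectionProvider')
    if (-not $provider) {
        'no configProtectionProvider attribute: section is not encrypted'
    } elseif ($provider -ne $ExpectedProvider) {
        "protected by '$provider', expected '$ExpectedProvider'"
    }
    # EncryptedData is in the XML Encryption namespace, so match by local name.
    if (-not $section.SelectSingleNode("*[local-name()='EncryptedData']")) {
        'no <EncryptedData> element inside the section'
    }
    # Leftover <add connectionString=...> means plaintext is still on disk.
    if ($section.SelectNodes('add[@connectionString]').Count -gt 0) {
        'plaintext <add connectionString=...> entries remain'
    }
    # The page declares the provider in this same Web.config, so look for it here.
    $xpath = "/configuration/configProtectedData/providers/add[@name='$ExpectedProvider']"
    if (-not $Config.SelectSingleNode($xpath)) {
        "provider '$ExpectedProvider' is not declared under <configProtectedData>"
    }
}

# Constructed sample inputs (connection string and cipher text are placeholders).
[xml]$before = @'
<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db;Database=app;User Id=u;Password=p" />
  </connectionStrings>
</configuration>
'@
[xml]$after = @'
<configuration>
  <configProtectedData><providers>
    <add name="CustomProvider" keyContainerName="CustomKey" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration" />
  </providers></configProtectedData>
  <connectionStrings configProtectionProvider="CustomProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"><CipherData>
      <CipherValue>PLACEHOLDER</CipherValue></CipherData></EncryptedData>
  </connectionStrings>
</configuration>
'@
foreach ($doc in @($before, $after)) {
    $p = @(Get-ConnectionStringsProblems $doc)
    if ($p) { $p | ForEach-Object { "FAIL: $_" } } else { 'OK: connectionStrings is encrypted' }
}
```

To check a real site, pass the parsed file instead of the samples, for example [xml](Get-Content -Raw 'D:\Website\Web.config').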

To Decrypt the Connection Strings

Run Command Prompt and enter:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis -pd "connectionStrings"

If the website is not the Default Web Site, you will have to add -site "Site Name" or -app "/VirtualDirectoryName", depending on whether it is set up as a Website or a Virtual Directory.

You can also use the physical path. No -prov option is needed when decrypting, because the provider name is read from the encrypted section itself:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis -pdf "connectionStrings" "D:\Website"