Encrypting your web.config file with ASP 2.0 (Visual Studio 2005)
- Posted: Nov 07, 2005 at 3:35 PM
Federal Developer Evangelist, Robert Shelton, Jr., takes you through a short (8 minute) demonstration of how to encrypt portions of your web.config with ASP 2.0 (Visual Studio 2005). This walkthrough shows you how to encrypt two sections of your web.config (AppSettings and ConnectionStrings) with the DPAPI (DataProtectionConfigurationProvider). In addition to these two sections, you can also encrypt your Identity and SessionState sections.
My blog URL: http://sheltonblog.com
Channel 9 Article: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
MSDN Article: How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
Please check out some of my other screencasts by clicking this search link, including a 3-part series on programming Active Directory with Visual Studio 2005.
~ Robert Shelton, Jr.
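The procedure described above, scripted as an added example (not taken from the video or from the original page): it encrypts both sections with the DPAPI provider and then checks the file on disk. The framework path is the one quoted in a comment on this page; the scratch folder, function names and secrets are constructed for illustration.

```powershell
# Added example. Assumptions: .NET 2.0 framework path, a scratch folder, constructed secrets.
$regiis = Join-Path $env:windir 'Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe'
$site   = Join-Path $env:TEMP 'EncryptionDemo'      # hypothetical scratch folder
$config = Join-Path $site 'web.config'

New-Item -ItemType Directory -Path $site -Force | Out-Null
# Constructed web.config with one fake secret in each section.
@'
<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="ApiKey" value="CONSTRUCTED-SECRET-1" />
  </appSettings>
  <connectionStrings>
    <add name="Demo" connectionString="Server=.;Database=Demo;User Id=demo;Password=CONSTRUCTED-SECRET-2" />
  </connectionStrings>
</configuration>
'@ | Set-Content -Path $config -Encoding UTF8

function Protect-ConfigSection([string]$Section) {
    # -pef encrypts the named section of the web.config found in a physical folder.
    # Switches are typed with plain ASCII hyphens (-pef, -prov).
    & $regiis -pef $Section $site -prov 'DataProtectionConfigurationProvider' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis failed for section '$Section'" }
}

function Test-ConfigSectionEncrypted([string]$Section) {
    $xml  = [xml](Get-Content -Path $config -Raw)
    $node = $xml.SelectSingleNode("/configuration/$Section")
    if ($null -eq $node) { return $false }
    $cipher = $node.SelectSingleNode("*[local-name()='EncryptedData']")
    # An encrypted section names its provider, holds an EncryptedData child, and has no <add> elements left.
    return ($node.GetAttribute('configProtectionProvider') -eq 'DataProtectionConfigurationProvider') -and
           ($null -ne $cipher) -and ($null -eq $node.SelectSingleNode('add'))
}

foreach ($s in 'appSettings', 'connectionStrings') {   # section names are case-sensitive
    Protect-ConfigSection $s
    "{0,-18} encrypted: {1}" -f $s, (Test-ConfigSectionEncrypted $s)
}
# Fail the check if any constructed secret is still readable on disk.
if (Select-String -Path $config -Pattern 'CONSTRUCTED-SECRET' -Quiet) { throw 'plaintext secret still in web.config' }
```

With the default settings of this provider, the DPAPI key belongs to the machine that ran the encryption, so run the step on each server that hosts the file.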
Follow the Discussion
If I encrypt a web.config file using aspnet_regiis.exe with the -pe or -pef option, get the encrypted web.config file and take it to another machine, and run aspnet_regiis.exe with the -pd or -pdf option, what do I get? A plain file or an error? Does the encryption algorithm use the PKI or any salt to encrypt, so that if you exchange Windows accounts or machines, the user does not get to the plain file?
I hope that this is clearer,
Robert
I'm curious if you have to encrypt the config files for every separate installation of the webapp (like you did in the video). I guess the encryption/decryption depends on some machine-specific key.
How about web application farms? Is there a way to encrypt the config file once and deploy the decrypted version to all instances in the farm?
Regards,
Johan Sundström
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" "C:\MyFolder\EncryptionDemo" –prov "DataProtectionConfigurationProvider"

All I got after attempting to run this command from a Windows cmd prompt was the aspnet_regiis help screen. What am I missing? I have even ensured my web.config file is not read-only and that the aspnet user has full control on the security permissions. Please help. Thank you.
Sincerely,
Ron Breeding
For example, Johnny Cracker steals the web.config file from my site somehow. Could they run -pd on their home IIS 6 server and decrypt the file, exposing the information we are trying to hide?
Another possible scenario is that I have a web farm. If server A, which I encrypted the file on, dies, can I decrypt the file on server B?
Just curious,
Thanks again for posting!
Tim Kulp