How to Encrypt or Decrypt sections of Configuration file.

15 08 2008

How to Encrypt or Decrypt sections of Configuration file.

It is always a good practice to protect sensitive information in configuration files. One should always protect connectionStrings section from being easily readable; also some times it becomes necessary to encrypt appSettings section that may include some sensitive data. You know why…?

So in this Blog I will walkthrough the steps required for encryption\decryption of sections in configuration file.

.Net framework ships two providers for this purpose.
RsaProtectedConfigurationProvider and DpapiProtectedConfigurationProvider.
Here I will use RsaProtectedConfigurationProvider.

 
Step 1) First off all we will add provider to configuration section of web.config file that you want to play with. This provider is required for actual processing done while running commands depicted in step 3 and 4.


<configuration>
<configProtectedData defaultProvider="myProvider">
<providers>
 <clear/>
  <add name="myProvider"
  type="System.Configuration.RsaProtectedConfigurationProvider"
  keyContainerName="NetFrameworkConfigurationKey"/>
</providers>
</configProtectedData>
</configuration>

 RsaProtectedConfigurationProvider requires key container for encryption and decryption purpose. This container includes private\public keys that are required during encryption and decryption process by the attached provider.

NetFrameworkConfigurationKey : This is the default key container shipped by Microsoft. You can also create your own key container that includes private\public keys required for encryption\decryption. In order to avoid confusion I will depict these steps in my next article.

Note: As we are using default key container “NetFrameworkConfigurationKey” you can do away with the first step. This step will be added by machine.config file cause it includes declaration for both providers  (“RsaProtectedConfigurationProvider” and “DpapiProtectedConfigurationProvider”). But this will be helpful incase we are creating our own key container.

Step 2) After adding the provider in Step 1 go to the Visual Studio command prompt. Now In order to access “NetFrameworkConfigurationKey” key container your “ASPNET” account must have permission to access it. Run the below command to give access.

aspnet_regiis -pa “NetFrameworkConfigurationKey” “ASPNET”

 

Step 3) Run below command to encrypt connectionStrings section of your web.config file located in the virtual directory named “MyWebApplication”.

aspnet_regiis -pe connectionStrings -app /MyWebApplication

 

Step 4) Run below command to decrypt connectionStrings section of your web.config file located in the virtual directory named “MyWebApplication”.

aspnet_regiis -pd connectionStrings -app /MyWebApplication

Note: You can replace the “connectionStrings” section with the section name you want to encrypt\decrypt.
Eg: aspnet_regiis -pe appSettings -app /MyWebApplication
This will encrypt “appSettings” section of your web.config file located in the virtual directory named “MyWebApplication”.

To get more help about aspnet_regiis use the below command
aspnet_regiis help

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: