Thursday, March 28, 2019

Encrypt connection string in web.config with aspnet_iisreg.exe


In the web.config file of the ASP.NET application, the Connection Strings may contain the user name and password that you want to hide from naked eyes. The ASP.NET IIS Registration Tool (aspnet_iisreg.exe) is a simple way of encrypting it or even the whole <appSettings> section in a web.config.

To encrypt the appSettings section of a web.config file, go to where web.config is located and run command:
aspnet_regiis -pef "appSettings" . -prov "DataProtectionConfigurationProvider"

To decrypt an encrypted appSettings section of a web.config file, go to where web.config is located and run command:
aspnet_regiis -pdf "appSettings" .

The encryption should be done on the same machine where the web site being served. If web.config is encrypted on a development machine and later uploaded to the production machine, the production machine wouldn't be able to decrypt the encrypted section in web.config because the keys for the encryption are specific to the development machine.

No comments:

 
Get This <