BONUS TIP!!! Using aspnet_regiis.exe to encrypt the Web.Config

Posted Tuesday, January 10, 2006 8:54 AM by C-Dog's .NET Tip of the Day

I posted on this quite some time ago, but I thought I would post on it again since it is relatively easy to do and it is a great way to protect your connection strings and what not. If you are wondering, yes I do get lots of ideas for posts from other people's blogs, but since I know most of the people that read this are not the scan Microsoft blog type of people, I provide it here for you.

For example if you wanted to encrypt the connectionStrings element of your web.config, simply type the following.

aspnet_regiis.exe -pef connectionStrings

Note you must be in the same directory or specify the path to the physical directory. You can use -pe and specify the -app parameter to specify a virtual path if you prefer.

To decrypt the section, simply use the -pdf parameter instead.

aspnet_regiis -pdf connectionStrings

Remember it is not necessary to do anything in your code to decrypt the data. ASP.NET will handle it automatically when you retrieve a value from it using the ConfigurationManager object.

Read the complete post at http://www.dotnettipoftheday.com/blog.aspx?id=232

Corey Roth [MVP]

Tags

Navigation

Archives

BONUS TIP!!! Using aspnet_regiis.exe to encrypt the Web.Config