Library tutorials & articles

Edit and Encrypt Web.Config sections using C# 2.0

By Mohammed Habeeb, published on 14 May 2007
Page 3 of 3
  1. Introduction
  2. Modifying a Web.Config file
  3. Encrypting sections in Web.Config file

Encrypting sections in Web.Config file

Now comes the security issues. At times there comes the necessity for protecting sections of config file. In .NET 2.0 there are options available to encrypt sections of Web.config file programatically. The following method encrypts the "appSettings" section in Web.config file. 

private void EncryptAppSettings()  
{
	Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
	AppSettingsSection objAppsettings = (AppSettingsSection)objConfig.GetSection("appSettings");
	if (!objAppsettings.SectionInformation.IsProtected)
	{
		objAppsettings.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
		objAppsettings.SectionInformation.ForceSave = true;
		objConfig.Save(ConfigurationSaveMode.Modified);
	}
}

The code above opens Web.Config file for modification. It then retrieves the "appSettings" section. The ProtectSection() method of SectionInformation class marks the configuration section for protection. It accepts the name of the protection provider to be used for the encryption. The ForceSave property indicates if the specified configuration section will be saved even if it has not been modified. Finally the Save() of the Configuration object writes the configuration settings to the Web.config file. The argument to the Save() method indicates the only properties modified need to be written to the physical file.

Decrypting sections of web.config file through code is very identical. The UnprotectSection() method of SectionInformation class removes the encryption from the configuration section. 

private void DecryptAppSettings()
{
	Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
	AppSettingsSection objAppsettings = (AppSettingsSection)objConfig.GetSection("appSettings");
	if (objAppsettings.SectionInformation.IsProtected)
	{
		objAppsettings.SectionInformation.UnprotectSection();
		objAppsettings.SectionInformation.ForceSave = true;
		objConfig.Save(ConfigurationSaveMode.Modified);
	}
}
This encrytion and decryption functionality can be applied to other sections of web.config file also. It comes in use mostly for "connectionStrings" section where usually the user name and password would be specified. This can done by creating a ConfigurationSection object. An example for "connectionStrings" section is listed below. 
ConfigurationSection objConfigSection = objConfig.ConnectionStrings;
ConfigurationSection class represents a section within the configuration file. Configuration class has propertes for each configuration section. This property can be used to get respective ConfigurationSection objects. This is an alternative to the usage of GetSection() method of Configuration class.

Comments

  1. Developer Fusion Bot
    01 Jan 1999 at 00:00

    This thread is for discussions of Edit and Encrypt Web.Config sections using C# 2.0.

Leave a comment

Sign in or Join us (it's free).

Related tags

c#, asp.net, visual studio
Mohammed Habeeb Mohammed Habeeb works as a software developer for an India based CMMI L5 Business Solutions Provider InApp Information Technologies situated at technopark. He holds a bachelors in Computer Science ...
AddThis

Related articles

Ask a question

Related discussion

Related podcasts

  • Looking into the C# Crystal Ball with Charlie Calvert and Bill Wagner

    One of the most exciting announcements from PDC was the news about C# 4.0 and Visual Studio 2010. With all the excitement and discussion throughout the event about these new developer tools, we reached out to two experts in the fields. Charlie Calvert and Bill Wagner sat down with Keith and Woody...

Languages

Web Development

Frameworks & Architecture

Other major sections

Cancel
Want to stay in touch with what's going on? Follow us on twitter!