Library code snippets
Encrypting Web.config sections in ASP.NET 2.0
If you suffer from deep paranoia like me, you'll find a little disturbing to declare all your connection strings in the new <connectionsStrings> section of your web application's Web.config file. This is how it looks like before encrypting:
<connectionStrings>
<add name="Pubs" connectionString="Server=localhost;Integrated Security=True;Database=Pubs"
providerName="System.Data.SqlClient" />
<add name="Northwind" connectionString="Server=localhost;Integrated Security=True;Database=Northwind"
providerName="System.Data.SqlClient" />
</connectionStrings>
Behold ASP.NET 2.0 new security features. Now you can actually encrypt any section of your Web.config file on-the-fly and programatically. If you have full access to your Web server, you can encrypt your connection strings with this single command-line located in the in the %windows%\Microsoft.NET\Framework\versionNumber folder:
aspnet_regiis -pe "connectionStrings" -app "/SampleApplication"
If you can't execute commands in your web server, for example, when using shared hosting, you still can encrypt it programatically:
Configuration config = Configuration.GetWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.Sections["connectionStrings"];
section.ProtectSection ("DataProtectionConfigurationProvider");
config.Update();
Now, the section in your Web.config file will look like this:
<connectionStrings>
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMndjHoAw...</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
I hope you found this article useful. Happy coding!
Related articles
Related discussion
-
Export Datagrid to Excel with same formatting
by BarbaMariolino (1 replies)
-
how to design a template platform which can be used to create many different pages?
by polytheme (1 replies)
-
sending sms from pc
by sriraj20074 (0 replies)
-
Capture Video
by ess-image (23 replies)
-
DataGrid - How to display the content of a hidden TemplateField on mouseover
by DonCarnage (0 replies)
Related podcasts
-
StackOverflow uses ASP.NET MVC - Jeff Atwood and his technical team
Scott chats with Jeff Atwood of CodingHorror.com and most recently, StackOverflow.com. Jeff and Joel Spolsky and their technical team have created a new class of application using ASP.NET MVC. What works, what doesn't, and how did it all go down?
Events coming up
-
Jul
7
DTC 70-528 Session 7: Chapter 12
Greenwood Village, United States
Due to lack of interest of the 5th Monday meetup, we will continue as originally scheduled. The topic of the night will be "Chapter 12 - Creating ASP.NET Mobile Web Applications", taught by RJ Hatch. It is a fairly small chapter, so we can discuss other topics as well. Pizza and beverages will be provided on a donation basis.
I noticed you found your own answer - and if anyone else comes here looking for the answer, they can see your solution at:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=218559&SiteID=1
(which is basically to go to the properties of the folder, select the Web Sharing tab, and select "Share this folder")
Thanks! :)
Encrypting Configuration section...
A configuration file cannot be created for the requested Configuration object.
Failed!
I have multiple websites on my webserver. I have one under the wwwroot which I encrypted using an app path in the -app parameter that was simply:
aspnet_regiis -pe "connectionStrings" -app "/"
I have another which happens to be subweb. I did it like:
aspnet_regiis -pe "connectionStrings" -app "/main/subweb"
This one also worked.
Then I tried it with one of my other ones which was not a subweb, I'll call it app2
aspnet_regiis -pe "connectionStrings" -app "/app2"
Now the way these webs are physically on the disc, the first one is under the inetpub/wwwroot and all of the rest are webs that are under a directory which I've named c:/myWebs. So the actual physical sites are as follows:
c:/myWebs/main/subweb
c:/myWebs/app2
The documentation that I can find says that the -app refers to the virtual directory so I am wondering if I am putting in the correct parameter for the -app keyword. Actually the name is pretty long - 23 characters, so maybe that could be a problem too.
Anyway, I was thinking of doing this programatically, but then I wondered how would that actually work? Would I create a special page that only I could access that would have an encrypt and decrypt button? Otherwise, what would prevent a casual hacker from going in and encrypting it? or decrypting it? I think I'm missing part of the equation -- perhaps you can enlighten me...
Thanks,
This thread is for discussions of Encrypting Web.config sections in ASP.NET 2.0.