Security is one of the major aspects in terms of a web application. Security can be implemented using different methods in a web application. One of the main components, which required high security, is the configuration files, where we will define the configurations. In this document, we will discuss about the simple way to protect the web.config entries.
Encrypt Web.Config Sections
We can encrypt the required sections using the Asp.Net built in utility aspnet_regiis. For example, we want to encrypt the following appSettings defined in the default website
Open the command prompt and run the command
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pe "appSettings"
Sometimes, we need to encrypt the sections of another website, which is not the default website, and then use the following options
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pe "appSettings" -app "/" -site TestSite
This command specifies encrypt the appSettings section of the site TestSite. –app indicates the virtual directory under the site. For encrypting the web.config of the main web site use the virtual directory value as “/”.
In some cases, we may need to encrypt the web.config under a virtual directory or web application under our web site, then use the following command
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pe "appSettings" -app "/MyApp" -site TestSite
Here, the command indicates encrypt the web.config of the TestSite and find the configuration under the MyApp web application configured under the website.
Instead of using the site name, we can use the metadata identifier or ID of the site, which can be obtained from the IIS Manager.
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pe "appSettings" -app "/MyApp" -site 5
Decrypt Web.Config Sections
Same as encrypt, we can us ethe same utility to decrypt the section values for further updates. The decrypt command is
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pd "appSettings" -app "/MyApp"
-site TestSite
for 1024 bit encryption http://aspnettutorialonline.blogspot.com/2012/05/encryption-and-decryption-in-aspnet.html
ReplyDeletethanks for 1024 bit it also works.
ReplyDelete