user1481183 - 1 month ago 12
ASP.NET (C#) Question

Encrypting web.config sections

In a .NET 4.0 website, which web.config sections can be encrypted?
I read that not all sections can be encrypted, but I can't find anything detailing which sections can.

Answer

From the MSDN docs, it's clear that one can encrypt and decrypt a web.config section using the Aspnet_regiis.exe tool with the -pe option and the name of the configuration element to be encrypted as long as the section is not one of these ones:

The following is a list of configuration sections that cannot be encrypted using protected configuration: processModel, runtime, mscorlib, startup, system.runtime.remoting, configProtectedData, satelliteassemblies, cryptographySettings, cryptoNameMapping, and cryptoClasses. It is recommended that you use other means of encrypting sensitive information, such as the ASP.NET Set Registry console application (Aspnet_setreg.exe) tool, to protect sensitive information in these configuration sections.

Here's what you need to encrypt all other possible sections:

Encrypting and Decrypting Configuration Sections

Walkthrough: Encrypting Configuration Information Using Protected Configuration
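
A programmatic counterpart to the -pe approach in the answer above, as an added example that is not part of the original answer or the MSDN text: it refuses the sections the quoted list names as not encryptable and protects the rest through the System.Configuration API. The class name ConfigSectionProtector, its method names and the application path passed by the caller are hypothetical; the default provider is assumed to be the built-in RsaProtectedConfigurationProvider.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Web.Configuration;

// Hypothetical helper (added example): encrypts web.config sections with protected configuration.
public static class ConfigSectionProtector
{
    // Sections the quoted MSDN text lists as not encryptable with protected configuration.
    private static readonly HashSet<string> NotEncryptable = new HashSet<string>(
        new[] { "processModel", "runtime", "mscorlib", "startup", "system.runtime.remoting",
                "configProtectedData", "satelliteassemblies", "cryptographySettings",
                "cryptoNameMapping", "cryptoClasses" },
        StringComparer.OrdinalIgnoreCase);

    // Accepts a full section path ("system.web/processModel") or a bare name ("runtime").
    public static bool IsEncryptable(string sectionPath)
    {
        string leaf = sectionPath.Substring(sectionPath.LastIndexOf('/') + 1);
        return !NotEncryptable.Contains(sectionPath) && !NotEncryptable.Contains(leaf);
    }

    // Encrypts each requested section and returns the paths encrypted by this call.
    public static List<string> Protect(string appVirtualPath, IEnumerable<string> sectionPaths,
        string provider = "RsaProtectedConfigurationProvider")
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        var encrypted = new List<string>();
        foreach (string path in sectionPaths)
        {
            if (!IsEncryptable(path))
                throw new ArgumentException("Section cannot use protected configuration: " + path);

            ConfigurationSection section = config.GetSection(path);
            // Skip sections that are undeclared or not present in this web.config.
            if (section == null || !section.ElementInformation.IsPresent) continue;

            SectionInformation info = section.SectionInformation;
            // Skip sections that are already encrypted or locked by a parent config.
            if (info.IsProtected || info.IsLocked) continue;

            info.ProtectSection(provider);
            info.ForceSave = true;
            encrypted.Add(path);
        }
        if (encrypted.Count > 0) config.Save(ConfigurationSaveMode.Modified);
        return encrypted;
    }
}
```

A call such as ConfigSectionProtector.Protect("/MyApp", new[] { "connectionStrings", "appSettings" }) uses a constructed application path; the process running it needs write access to the web.config file and access to the provider's key container.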
