I have an app.config file that I need to distribute with my application. It was created because of a Service Reference to an ASMX web service I added.
It isn't a huge deal if this file is modified/viewed, but I still would like to make it secure. I already check the hash of the config and make sure it is valid, but I still want an added layer of protection.
Here is my config: http://pastie.org/private/zjdzadnfwrjvwkmlbdsqw
So is there anything in there that I can encrypt or anything?
You cannot encrypt the entire
<system.serviceModel> - it's a configuration section group, which contains configuration sections.
aspnet_regiis will only encrypt configuration sections - so you need to selectively encrypt those parts you need, like this:
cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 aspnet_regiis.exe -pef "system.serviceModel/bindings" . aspnet_regiis.exe -pef "system.serviceModel/services" .
With this, you can encrypt what you need easily - what isn't too important, can be left in clear text.
Word of warning: since it's
aspnet_regiis, it expects to be dealing with a
web.config file - copy your
app.config to a location and call it
web.config, encrypt your sections, and copy those encrypted sections back into your own
Or write your own config section encrypter/decrypter - it's really just a few lines of code! Or use mine - I wrote a small
ConfigSectionCrypt utility, come grab it off my OneDrive - with full source (C# - .NET 3.5 - Visual Studio 2008). It allows you to encrypt and decrypt sections from any config file - just specify the file name on the command line.