Encrypt Config Sections in ASP.NET 2.0
(Encrypt Connection Strings in web.config using RSA and machine level containers)

This article assumes the user is using Visual Studio.NET 2005 Web server and wants to use the default provider with default settings. The RSAProtectedConfigurationProvider is the default provider and is configured to use the machine level key container.

Encryption:

• Add a connection string section with a connection string in regular text in the local web.config file of your application.

• Run the following command to encrypt (should be run from Visual Studio 2005 command prompt).

aspnet_regiis -pef "connectionStrings" c:\projects\RSAEncryptSample

Note: The third segment in the command after -pef is the section in the web.config file that you want to encrypt. The fourth segment in the command is the location of the config file whose section you want to encrypt. aspnet_regiis utility is located at %WinDir%\Microsoft.NET\Framework\'versionNumber'\. As the default provider with default settings is selected, wedo not need to use the -prov switch in the command.

And that's it the section is encrypted and your web.config file is changed with the new encrypted stuff.

Accessing Encrypted Connection String:

• ASP.NET automatically handles the decryption in this case. All you have to do to see the connection string in text is ...somewhere in your code..like in page_load..put the following code and run the web application and you should the connection string in text.

Response.write("Connection string in Text" & ConfigurationManager.ConnectionStrings("myLocalSqlServer").ConnectionString.

Decryption :

• Run the following command(from Visual Studio 2005 Command prompt) to decrypt the above encrypted section back.

aspnet_regiis -pdf "connectionStrings" c:\projects\RSAEncryptSample