BONUS TIP!!! Using aspnet_regiis.exe to encrypt the Web.Config
Posted
Tuesday, January 10, 2006 8:54 AM
by
C-Dog's .NET Tip of the Day
I posted on this quite some time ago, but I thought I would post on it again since it is relatively easy to do and it is a great way to protect your connection strings and what not. If you are wondering, yes I do get lots of ideas for posts from other people's blogs, but since I know most of the people that read this are not the scan Microsoft blog type of people, I provide it here for you.
For example if you wanted to encrypt the connectionStrings element of your web.config, simply type the following.
aspnet_regiis.exe -pef connectionStrings
Note you must be in the same directory or specify the path to the physical directory. You can use -pe and specify the -app parameter to specify a virtual path if you prefer.
To decrypt the section, simply use the -pdf parameter instead.
aspnet_regiis -pdf connectionStrings
Remember it is not necessary to do anything in your code to decrypt the data. ASP.NET will handle it automatically when you retrieve a value from it using the ConfigurationManager object.
Read the complete post at http://www.dotnettipoftheday.com/blog.aspx?id=232