QuestPond’s Interview Questions & Answers on encrypting web.config files in ASP.NET

Encryption can be done in ASP.NET using the “aspnet_regiis.exe” tool. ASP.NET provides two encryption options:

Windows Data Protection API (DPAPI) Provider (DataProtectionConfigurationProvider) – this provider uses the built-in cryptography capabilities of Windows to encrypt and decrypt the configuration sections. By default this provider uses the machine’s key.

RSA Protected Configuration Provider (RsaProtectedConfigurationProvider) – uses RSA public key encryption to encrypt/decrypt the configuration sections. With this provider you need to create key containers that hold the public and private keys used for encrypting and decrypting the configuration information.

While encrypting the config files we can choose which provider to use for encryption. So let’s understand step by step how we can actually encrypt the web.config file sections.

Step 1:- Go to the command prompt of the framework.

Step 2:- Run aspnet_regiis.exe as shown in the figure. We have provided the section which we need to encrypt and the provider. If the command executes successfully, you should get a message saying the encryption succeeded. You can see we have encrypted the appSettings section. We have also shown how the encrypted config file looks after running aspnet_regiis.exe.

Step 3:- Once the file is encrypted you can use it in your program in the normal fashion. For instance, the appSettings key “MyValue” defined in the figure “aspnet_regiis.exe in Action” can be displayed simply by:-


You do not need to do any kind of decryption inside your program again.

Figure 21.4 shows how the plain text is further changed to an encrypted form using aspnet_regiis.exe.


Below are the different forms of the aspnet_regiis command for your reference.

-- Generic form for encrypting the Web.config file for a particular website...
aspnet_regiis.exe -pef section physical_directory -prov provider
   -- or --
aspnet_regiis.exe -pe section -app virtual_directory -prov provider

-- Concrete example of encrypting the Web.config file for a particular website...
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" -prov "DataProtectionConfigurationProvider"
   -- or --
aspnet_regiis.exe -pe "connectionStrings" -app "/MyWebSite" -prov "DataProtectionConfigurationProvider"

-- Generic form for decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf section physical_directory
   -- or --
aspnet_regiis.exe -pd section -app virtual_directory

-- Concrete example of decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MySite"
   -- or --
aspnet_regiis.exe -pd "connectionStrings" -app "/MyWebSite"
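
An added example, not from the original post: a PowerShell script that runs the -pef form above and then checks web.config on disk to confirm the section now holds only encrypted data. The aspnet_regiis.exe location (64-bit .NET Framework 4.x) and the Test-SectionEncrypted helper are assumptions; the site path, section and provider are the ones from the concrete example.

```powershell
param(
    [string]$SiteDir  = 'C:\Inetpub\wwwroot\MySite',   # physical directory from the example above
    [string]$Section  = 'connectionStrings',           # top-level section to protect
    [string]$Provider = 'DataProtectionConfigurationProvider'
)

# Assumption: the site runs on 64-bit .NET Framework 4.x; adjust the folder otherwise.
$regiis = Join-Path $env:WINDIR 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
$config = Join-Path $SiteDir 'web.config'

# Hypothetical helper: returns $true only when the section is fully encrypted on disk.
function Test-SectionEncrypted {
    param([string]$Path, [string]$Name)

    $xml  = [xml](Get-Content -LiteralPath $Path -Raw)
    # local-name() keeps the query working whether or not the file declares an XML namespace.
    $node = $xml.SelectSingleNode("/*[local-name()='configuration']/*[local-name()='$Name']")
    if ($null -eq $node) { throw "Section '$Name' not found in $Path" }

    # An encrypted section names its provider and contains nothing but <EncryptedData>.
    $hasProvider  = -not [string]::IsNullOrEmpty($node.GetAttribute('configProtectionProvider'))
    $hasCipher    = $null -ne $node.SelectSingleNode("*[local-name()='EncryptedData']")
    $plainRemains = $node.SelectNodes("*[local-name()!='EncryptedData']").Count -gt 0

    return ($hasProvider -and $hasCipher -and -not $plainRemains)
}

if (Test-SectionEncrypted -Path $config -Name $Section) {
    Write-Output "$Section is already encrypted; nothing to do."
    return
}

# Same command as the concrete -pef example, with the values passed as parameters.
& $regiis -pef $Section $SiteDir -prov $Provider

# Judge success by the file content rather than by the console message.
if (-not (Test-SectionEncrypted -Path $config -Name $Section)) {
    throw "$Section still contains plaintext after running aspnet_regiis.exe"
}
Write-Output "$Section in $config is now encrypted with $Provider."
```

Because the DPAPI provider uses the machine's key by default, a file encrypted this way decrypts only on the machine that encrypted it, so run the script on the server that hosts the site.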
