Encryption can be done in ASP.NET using the “aspnet_regiis.exe” tool. ASP.NET provides two encryption options:
Windows Data Protection API (DPAPI) Provider (DataProtectionConfigurationProvider) – this provider uses the built-in cryptography capabilities of Windows to encrypt and decrypt the configuration sections. By default this provider uses the machine’s key.
RSA Protected Configuration Provider (RsaProtectedConfigurationProvider) – uses RSA public key encryption to encrypt/decrypt the configuration sections. With this provider you need to create key containers that hold the public and private keys used for encrypting and decrypting the configuration information.
When encrypting the config file, we can choose which provider to use for encryption. So let’s understand step by step how we can actually encrypt the web.config file sections.
Step 1:- Go to the command prompt of the framework.
Step 2:- Run aspnet_regiis.exe as shown in the figure. We have provided the section which we need to encrypt and the provider. If the command executes successfully, you should get a message that the encryption succeeded. You can see we have encrypted the appSettings section. We have also shown how the encrypted config file looks after running aspnet_regiis.exe.
Step 3:- Once the file is encrypted you can use the same in your program in a normal fashion. For instance the below defined appSetting key “MyValue” in figure “aspnet_regiis.exe in Action” can be displayed simply by:-
You do not need to do any kind of decryption inside your program again.
Figure 21.4 shows how the plain text is further changed to an encrypted form using aspnet_regiis.exe.
Below are the different forms of the aspnet_regiis command for your reference.

-- Generic form for encrypting the Web.config file for a particular website...
aspnet_regiis.exe -pef section physical_directory -prov provider
-- or --
aspnet_regiis.exe -pe section -app virtual_directory -prov provider

-- Concrete example of encrypting the Web.config file for a particular website
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" -prov "DataProtectionConfigurationProvider"
-- or --
aspnet_regiis.exe -pe "connectionStrings" -app "/MyWebSite" -prov "DataProtectionConfigurationProvider"

-- Generic form for decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf section physical_directory
-- or --
aspnet_regiis.exe -pd section -app virtual_directory

-- Concrete example of decrypting the Web.config file for a particular website...
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MyWebSite"
-- or --
aspnet_regiis.exe -pd "connectionStrings" -app "/MyWebSite"
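A check to run after the commands above, as an added example (not code from the original article): this Python script reads a Web.config and reports whether the appSettings and connectionStrings sections are encrypted and by which provider. The sample file, its CipherValue and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Sections the commands above target; extend the tuple as needed (assumption).
SENSITIVE = ("appSettings", "connectionStrings")

# Constructed sample: appSettings already encrypted, connectionStrings not.
SAMPLE = """<configuration>
  <appSettings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData><CipherData>
      <CipherValue>Q09OU1RSVUNURUQ=</CipherValue>
    </CipherData></EncryptedData>
  </appSettings>
  <connectionStrings>
    <add name="Main" connectionString="Server=db;User Id=app;Password=example" />
  </connectionStrings>
</configuration>"""

def local(tag):
    """Drop an XML namespace prefix: '{ns}EncryptedData' -> 'EncryptedData'."""
    return tag.rsplit("}", 1)[-1]

def audit_web_config(xml_text):
    """Map each sensitive section to 'absent', 'plaintext', 'broken'
    (provider attribute without ciphertext) or the provider name (encrypted)."""
    root = ET.fromstring(xml_text)
    report = {}
    for name in SENSITIVE:
        section = next((c for c in root if local(c.tag) == name), None)
        if section is None:
            report[name] = "absent"
            continue
        provider = section.get("configProtectionProvider")
        has_enc = any(local(c.tag) == "EncryptedData" for c in section)
        has_cipher = any(local(e.tag) == "CipherValue" and (e.text or "").strip()
                         for e in section.iter())
        if provider and has_enc and has_cipher:
            report[name] = provider
        elif provider:
            report[name] = "broken"
        else:
            report[name] = "plaintext"
    return report

if __name__ == "__main__":
    for section, status in audit_web_config(SAMPLE).items():
        print(f"{section}: {status}")
```

A section reported as plaintext is one that still needs the -pef or -pe command run against it.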