Click here to hide categories Click here to show left categories

User: Home          welcome : Guest          Log In / Register here     

QuestPond’s Interview Questions & Answers on ASP.NET

How do we encrypt web.config files in ASP.NET?

Encryption can be done in ASP.NET using the “aspnet_regiis.exe” tool. There are two encryption options provided by ASP.NET: -

Windows Data Protection API (DPAPI) Provider (DataProtectionConfigurationProvider) - this provider uses the built-in cryptography capabilities of Windows to encrypt and decrypt the configuration sections. By default this provider uses the machine's key.

RSA Protected Configuration Provider (RSAProtectedConfigurationProvider) - uses RSA public key encryption to encrypt/decrypt the configuration sections. With this provider you need to create key containers that hold the public and private keys used for encrypting and decrypting the configuration information.

While encrypting the config files we can choose what kind of provider we need for encryption. So let’s understand step by step how we can actually encrypt the web.config file sections.

Step 1:- Go to the command prompt of the framework.

Step 2:- Run the aspnet_regiis.exe as shown in the figure. We have provided the section which we need to encrypt and the provider. If the command is successfully executed, you should get a succeeded message of encryption. You can see we have decrypted the appSettings section. We have also shown how the unencrypted config file looks after running aspnet_regiis.exe.

Step 3:- Once the file is encrypted you can use the same in your program in a normal fashion.  For instance the below defined appSetting key “MyValue” in figure “aspnet_regiis.exe in Action” can be displayed simply by:-


You do not need to do any kind if decryption inside your program again.

Figure 21.4 shows how the plain text is further changed to an encrypted form using aspnet_regiis.exe.


Below is the aspnet_regiis in different forms for your referral.

-- Generic form for encrypting the Web.config file for a particular website...

aspnet_regiis.exe -pef section physical_directory –prov provider

   -- or --

aspnet_regiis.exe -pe section -app virtual_directory –prov provider

-- Concrete example of encrypting the Web.config file for a particular website

aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" –prov "DataProtectionConfigurationProvider"

   -- or --

aspnet_regiis.exe -pe "connectionStrings" -app "/MyWebSite" –prov "DataProtectionConfigurationProvider"

-- Generic form for decrypting the Web.config file for a particular website...

aspnet_regiis.exe -pdf section physical_directory

   -- or --

aspnet_regiis.exe -pd section -app virtual_directory

-- Concrete example of decrypting the Web.config file for a particular website...

aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MyWebSite"

   -- or --

aspnet_regiis.exe -pd "connectionStrings" -app "/MyWebSite"

What is AppSetting Section in “Web.Config” file?

Web.config file defines configuration for a web project. Using “AppSetting” section, we can define user-defined values. Example below is a “Connection String” section, which will be used throughout the project for database connection.

<add key="ConnectionString" value="server=xyz;pwd=www;database=testing" />

See the following video on Web.config transformation: -

Click and see here for more step by step training in ASP.NET

Helpful Website Url
Share this article   |    Print    |    Article read by 3625 times
Shivprasad koirala Koirala
I am a Microsoft MVP for ASP/ASP.NET and currently a CEO of a small E-learning company in India. We are very much active in making training videos , writing books and corporate trainings. Do visit my site for .NET, C# , design pattern , WCF , Silverlight , LINQ , ASP.NET , ADO.NET , Sharepoint , UML , SQL Server training and Interview questions and answers
Related Articles:
Related Interview Questions: