Using the command-line tool aspnet_regiis.exe
You can also use the Aspnet_regiis.exe command-line tool to encrypt and decrypt the Web. config file configuration section, which you find in the "%windowsdir%\microsoft.net\framework\version" directory. In order to encrypt a section in the Web. config file, you can use the DPAPI machine key in this command-line tool, as follows:
Encrypt the common form of a Web. config file for a specific website:
ASPNET_REGIIS.EXE-PEF Section Physical_directory-prov Provider
Or:
Aspnet_regiis.exe-pe Section-app Virtual_directory-prov Provider
To encrypt a specific instance of a Web. config file for a specific website:
Aspnet_regiis.exe-pef "ConnectionStrings" "C:\Inetpub\wwwroot\MySite"-prov "DataProtectionConfigurationProvider"
Or:
Aspnet_regiis.exe-pe "ConnectionStrings"-app "/mysite"-prov "DataProtectionConfigurationProvider"
Decrypt the common form of a Web. config file for a particular website:
Aspnet_regiis.exe-pdf Section Physical_directory
Or:
ASPNET_REGIIS.EXE-PD Section-app Virtual_directory
To decrypt a specific instance of a Web. config file for a specific website:
Aspnet_regiis.exe-pdf "ConnectionStrings" "C:\Inetpub\wwwroot\MySite"
Or:
You can also specify the encryption/decryption of the Machine.config file that is performed by Aspnet_regiis.exe.
"Tip" Encrypt configuration settings in ASP. NET version 1.x
To protect configuration settings in ASP. NET version 1.x, developers need to encrypt and store sensitive settings in the registry of the Web server and store them in a "strong" key way. The configuration file does not store encrypted content, such as ASP. NET 2.0, but contains a reference to the registry key that stores the encrypted value. For example:
<identity impersonate= "true" Username= "Registry:hklm\software\my_secure_app\identity\aspnet_setreg,username" password= "Registry:hklm\software\my_secure_app\identity\aspnet_setreg,password"/>
Microsoft provides developers with the Aspnet_setreg.exe command-line tool for encrypting sensitive configuration information and moving it to a "strong" registry entry. Unfortunately, this tool works only for specific configuration settings, and in contrast, ASP. NET 2.0 allows you to encrypt any configuration section.
For more information on using Aspnet_setreg.exe in an ASP. NET 1.x application, refer to kb#32990 in MSDN. Unfortunately, this command-line program only encrypts predefined sections in configuration settings and does not allow you to encrypt the database connection strings and other sensitive information that you add yourself.
Encryption instance:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis-pdf connectionStrings i:\ Code Warehouse \wt_projects\websites\ WebSite