ASP.net 2.0 allows the user to encrypt a single section of a configuration file. The example demonstrates how to encrypt a configuration section programmatically, and configure how the API automatically handles encrypted sections.
ASP.net 2.0 now allows you to encrypt a single section of a configuration file, which makes it almost impossible to use a text editor to read these configuration sections.
asp.net includes two built-in protected configuration providers: the RSA and DPAPI DPAPI providers use computer-specific keys, so you must physically encrypt configuration settings on each computer. The default RSA provider allows you to choose to create an RSA key and install it on a different computer so that you can copy the same configuration file between those computers. Additionally, you can install additional protected configuration providers for use by the system.
Calling the configuration Management API transparently uses an encrypted section because the API automatically handles encryption and decryption. To programmatically set the configuration section to encrypted, you can get the Configurationsection.sectioninformation property and then call the ProtectSection method in the protection provider that you select. To use the default provider, you can pass in null or an empty string. The Unprotectsection method disables the encryption of the configuration section.
The following example shows how to encrypt a configuration section programmatically, and configure how the API automatically handles encrypted sections.
<%@ Import namespace= "System.Configuration"%>
<%@ Import namespace= "System.Web.Configuration"%>
<%@ Import namespace= "System.Xml"%>
<script runat= "Server" language= "C #" >
public void Page_Load (object source, EventArgs e)
... {
if (! IsPostBack) ... {
UpdateUI ();
}
}
void Protectbutton_onclick (Object source, EventArgs E)
... {
String path = Request.currentexecutionfilepath;
Path = path. Substring (0, path. LastIndexOf ('/'));
Get configuration.
Configuration config = webconfigurationmanager.openwebconfiguration (path);
ConfigurationSection appSettings = config. GetSection ("appSettings");
if (appSettings.SectionInformation.IsProtected)
... {
AppSettings.SectionInformation.UnprotectSection ();
}
Else
... {
AppSettings.SectionInformation.ProtectSection ("DataProtectionConfigurationProvider");
}
Try
... {
Config. Save ();
UpdateUI ();
}
catch (Exception ex)
... {
Response.Write ("In order to modify configuration settings, the ASP.net process account
(either the local ASPNET or network Service account, by default) ");
Response.Write ("Must have Write permission granted for the Web.config file
In the sample directory ");
}
}
void UpdateUI ()
... {
String path = Request.currentexecutionfilepath;
Path = path. Substring (0, path. LastIndexOf ('/'));
Get configuration.
Configuration config = webconfigurationmanager.openwebconfiguration (path);
Show the XML for app settings.
ConfigurationSection appSettings = config. GetSection ("appSettings");
Set protect button appropriately.
if (appSettings.SectionInformation.IsProtected)
... {
Encrypted.text = "Yes";
Protectbutton.text = "Unprotect";
}
Else
... {
Encrypted.text = "No";
Protectbutton.text = "Protect";
}
Show the XML for app settings.
Appsettingsxml.text = "" + Server.HTMLEncode (appSettings.SectionInformation.GetRawXml ());
The Load XML directly from config file and to show encrypted XML.
String Configpath = Server.MapPath ("web.config");
XmlDocument doc = new XmlDocument ();
Doc. PreserveWhitespace = true;
Doc. Load (Configpath);
XmlNode appsettingsxml = doc. selectSingleNode ("configuration/appsettings");
Appsettingsencrypted.text = "" + Server.HTMLEncode (appsettingsxml.outerxml);
}
</script>
<title> Encrypted Configuration Sections </title>
<body>
<form id= "Form1" runat= "Server"
<div>
<asp:button runat= "Server" id= "Protectbutton" onclick= "Protectbutton_onclick"/>
Current <pre>
<asp:label runat= "Server" id= "Appsettingsxml"/>
</pre>
<pre>
<asp:label runat= "Server" id= "appsettingsencrypted"/>
</pre>
</div>
</form>
</body>
The corresponding configuration file is as follows:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configProtectedData />
<appSettings>
<add key="currencyService" value="http://www.microsoft.com/services/currencyService.asmx" />
<add key="creditCardValidationService" value="http://www.microsoft.com/services/cc.asmx" />
</appSettings>
</configuration>