Using Command line tools Aspnet_regiis.exe
You can also use the Aspnet_regiis.exe command-line tool to encrypt and decrypt the Web.config file configuration section, and you may find this tool in the "%windowsdir%\microsoft.net\framework\version" directory. To encrypt a section in the Web.config file, you can use the DPAPI machine key in this command-line tool as follows:
Encrypt the common form of a Web.config file for a particular Web site:
Copy Code code as follows:
ASPNET_REGIIS.EXE-PEF Section Physical_directory-prov Provider
Or:
Copy Code code as follows:
Aspnet_regiis.exe-pe Section-app Virtual_directory-prov Provider
To encrypt a specific instance of a Web.config file for a particular Web site:
Copy Code code as follows:
Aspnet_regiis.exe-pef "connectionstrings" "C:\Inetpub\wwwroot\MySite"-prov "DataProtectionConfigurationProvider"
Or:
Copy Code code as follows:
Aspnet_regiis.exe-pe "connectionstrings"-app "/mysite"-prov "DataProtectionConfigurationProvider"
The common form of decrypting a Web.config file for a particular Web site:
Copy Code code as follows:
Aspnet_regiis.exe-pdf Section Physical_directory
Or:
Copy Code code as follows:
ASPNET_REGIIS.EXE-PD Section-app Virtual_directory
To decrypt a specific instance of a particular Web site's Web.config file:
Copy Code code as follows:
Aspnet_regiis.exe-pdf "connectionstrings" "C:\Inetpub\wwwroot\MySite"
Or:
You can also specify that the encryption/decryption of machine.config files be performed by Aspnet_regiis.exe.
"Prompt" To encrypt configuration settings in asp.net version 1.x
To protect the configuration settings in the ASP.net version 1.x, developers need to encrypt and store sensitive settings in the registry of the Web server and store them in a "strong" key. Instead of storing encrypted content (as in ASP.net 2.0), the configuration file contains only a reference to the registry key that stores the encrypted value. For example:
Copy Code code as follows:
<identity impersonate= "true"
Username= "Registry:hklm\software\my_secure_app\identity\aspnet_setreg,username"
password= "Registry:hklm\software\my_secure_app\identity\aspnet_setreg,password"/>
Microsoft provides developers with Aspnet_setreg.exe command-line tools for encrypting sensitive configuration information and moving it to a "strong" registry entry. Unfortunately, this tool works only for specific configuration settings, whereas ASP.net 2.0 allows any configuration section to be encrypted.
For more information about using Aspnet_setreg.exe in a ASP.net 1.x application, refer to kb#32990 in MSDN. Unfortunately, this command-line program only encrypts the predefined sections in configuration settings and does not allow you to encrypt the database connection strings and other sensitive information you add yourself.
Encrypted instance:
Copy Code code as follows:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis-pdf connectionstrings i:\ Code warehouse \wt_projects\websites\ WebSite
