Series directory:
Web. config encryption-Basic Knowledge
Web. config encryption -- use aspnet_regiis
Web. config encryption-Programming
Web. config encryption and decryption (conversion) (previously reposted by othersArticle)
------------------------------------------------------------------
The aspnet_regiis tool can register the. NET Framework Version Used by IIS and encrypt web. config. Here we mainly use it for Web. config encryption.
I have not tested aspnet_regiis, but I prefer to writeProgram.
Position of aspnet_regiis:
C: \ windows \ Microsoft. NET \ framework \ v1_50727.
Usage:
Encrypt the connectionstrings Block
Aspnet_regiis - PE ' Connectionstrings ' - App ' /Appposition ' - Prov ' Rsaprotectedconfigurationprovider '
Decrypt the connectionstrings Block
Aspnet_regiis - PD ' Connectionstrings ' - App ' /Appposition '
If you do not need to decrypt the encrypted block during use, you must authorize network service to access the RSA key container.CodeAs follows:
Aspnet_regiis - Pa ' Netframeworkconfigurationkey ' ' Nt authority \ Network Service '
Note: The RSA key container name used by the rsaprotectedconfigurationprovider is "netframeworkconfigurationkey"
Appendix: aspnet_regiss parameter description in msdn
Option:
Option
|
Description
|
-C |
Install ASP. NET client scripts (such as client verification scripts) in the aspnet_client subdirectory of each Internet Information Service (IIS) site directory. Only the ASP. NET client scripts associated with aspnet_regiis.exe are installed. |
-Disable |
Disable ASP. NET in the IIS security console. This option can only be used-I,-IROr-ROption. This option cannot be used in IIS versions earlier than IIS 6.0. |
-E |
Remove ASP. NET client scripts from the aspnet_client subdirectory of each IIS Site Directory. Only remove ASP. NET client scripts associated with aspnet_regiis.exe. |
-Ea |
Remove all ASP. NET client scripts from the aspnet_client subdirectory of each IIS Site Directory. |
-Enable |
Enable ASP. NET in the IIS security console. This option can only be used-I,-IROr-ROption. This option cannot be used before IIS 6.0 or before ASP. NET 2.0. |
-Ga User |
Grant the specified user access permissions to the IIS metadatabase used by ASP. NET and other directories. This option cannot be used in versions earlier than ASP. NET 2.0. |
-I |
Install the ASP. NET version associated with aspnet_regiis.exe, and update the script ing between the IIS metadata library root directory and the root directory. Update only the script ing of applications that use the early ASP. NET version. New applications are not affected. |
-IR |
Install the ASP. Net version associated with aspnet_regiis.exe and register ASP. NET only in IIS. This option does not update the script ing. To install ASP. NET and update script ing, use-I. |
-K Path |
Remove all ASP. Net version script mappings from all ASP. NET applications in the specified application root path and Its subdirectories. |
-Kn Path |
Only remove all ASP. NET version script mappings from ASP. NET applications in the specified application root path. This option does not affect the specifiedPath. |
-LK |
Lists the paths and versions of all IIS metadatabase items that contain ASP. NET script ing. The ing of ASP. NET scripts inherited from the parent item is not displayed. |
-LV |
Lists the status and installation path of all ASP. NET versions installed on your computer. |
-Norestart |
Do not restart the IIS auxiliary process after installing or updating ASP. NET script ing. If you will manually restart the IIS auxiliary process-IOr-ROption. |
-R |
Update the ing of all scripts in and below the IIS metadatabase to point to the ASP. net isapi version associated with aspnet_regiis.exe. Regardless of the current version, all existing script mappings are updated to point to the ASP. net isapi version associated with the ASP. net iis registration tool. |
-S Path |
Set Script ing (this script ing points to the ASP. net isapi associated with aspnet_regiis.exe To all ASP. NET applications under the specified application root path and Its subdirectories. Update the specified path and use the early ASP. NET ISAPI All existing script ing of the version. |
-Sn Path |
Install script ing (the script ing points to the ASP. net isapi version associated with the tool) in the ASP. NET application under the specified application root path. Update all existing script mappings using earlier ASP. net isapi versions in the specified path. This option does not affectPath. |
-U |
Uninstall the ASP. NET version associated with the ASP. net iis registration tool from your computer. The existing script ing of this ASP. net isapi version is automatically remapped to the latest version of other installed ASP. NET isapis. |
-UA |
Uninstall all ASP. NET versions from your computer. |
-? |
Displays the command syntax and options of the ASP. net iis registration tool. |
Configuration Options
Option
|
Description
|
-Config + |
Allow Remote Access to ASP. NET configurations on the computer. |
-Config- |
Remote Access to ASP. NET configurations on the computer is prohibited. |
-Pa container account |
grant access to a specified account for a specified user or group container . This parameter uses the following optional modifier:
-
-PKU Replace the default computer container with the container specified by the user.
-
-CSP provider specifies the container provider to use.
-
-full indicates that the full access permission should be added instead of the default read-only access permission.
|
-Pc container |
Create an RSA public/private key pair in the specified container. This parameter uses the following optional modifier:
-
-size keysize specifies the key size. The default value is 1024 bytes.
-
-PKU Replace the default key container on the computer with the container specified by the user.
-
-exp specifies the private key that must be exported.
-
-CSP provider specifies the container provider to use.
|
-Pd Section |
Decrypts the configuration section. This parameter uses the following optional parameters:
-App VirtualpathSpecifies that decryption should be performed at the level of the included path.
-Location SubpathSpecify the subdirectory to decrypt.
-PKMSpecify that the machine. config file instead of the web. config file should be decrypted.
|
-PDF Section webapplicationdirectory |
Decrypts the specified configuration section of the web. config file in the specified physical (non-virtual) directory. |
-PE Section |
Encrypts the specified configuration section. This parameter uses the following optional modifier:
-Prov ProviderSpecifies the encryption provider to use.
-App VirtualpathSpecifies that encryption should be performed at the included path level.
-Location SubpathSpecify the subdirectory to be encrypted.
-PKMSpecify that the machine. config file should be encrypted instead of the web. config file.
|
-Wordpress Section webapplicationdirectory |
Encrypts the specified configuration section of the web. config file in the specified physical (non-virtual) directory. |
-Pi Container File |
Extract the RSA public/private key pair from the specified XMLFileImport the specifiedContainer. This parameter uses the following optional modifier:
-PKUReplace the default computer container with the container specified by the user.
-ExpSpecifies that the private key can be exported.
-CSP ProviderSpecify the container provider to use.
|
-Pr Container account |
Remove a specified user or groupAccountFor the specified itemContainer. This parameter uses the following optional modifier:
|
-Px Container File |
Import the RSA public/private key pair from the specified container to the specified XML file. This parameter uses the following optional modifier:
|
-PZ Container |
Deletes the specified key container. This parameter uses the following optional modifier:
|