Web.config file encryption

Source: Internet
Author: User

In general, we need to encrypt some of the sensitive information in the web.config file. Encryption is usually considered for the nodes below; many other nodes are usually left unencrypted, and some cannot be encrypted at all:

1) <appSettings> generally contains custom information.
2) <connectionStrings> is familiar to everyone and contains the strings used to connect to the database.
3) <identity> contains the account information when impersonation is used.
4) <sessionState> contains the connection string used when session state is stored out of process.

Two questions come up with encryption: which algorithm to use, and how to perform the encryption. For the first, ASP.NET provides two encryption methods, DPAPI and RSA, and we can choose either one to encrypt our web.config. For the second, there are likewise two options: use the aspnet_regiis.exe tool, or encrypt programmatically in code.

First, let's look at the aspnet_regiis.exe commands used for encryption. Open the Visual Studio command prompt and enter aspnet_regiis /? to view the tool's help information. In this example, we use DPAPI to encrypt connectionStrings. The website is in the sample1 virtual directory of IIS:

aspnet_regiis -pe "connectionStrings" -app "/sample1" -prov "DataProtectionConfigurationProvider"

If the website has not been published to IIS, we can use the following command instead, which takes the absolute path of the website:

aspnet_regiis -pef "connectionStrings" C:\projects\sample1 -prov "DataProtectionConfigurationProvider"

That completes this simple encryption. When reading the encrypted information, the following code decrypts it automatically:

string connStr = ConfigurationManager.ConnectionStrings["test"].ConnectionString;

If you want to change the encrypted node back to its original state, use the -pd parameter:

aspnet_regiis -pd "connectionStrings" -app "/sample1"

Similarly, we can encrypt and decrypt programmatically.

Encryption:

// Requires: using System.Configuration; using System.Web.Configuration;
// Get the current configuration file.
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

// Get the section.
ConfigurationSection appSec = config.GetSection("appSettings");

if (appSec != null && !appSec.SectionInformation.IsProtected)
{
    // Protect (encrypt) the section.
    appSec.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

    // Save the encrypted section.
    appSec.SectionInformation.ForceSave = true;
    config.Save();
}

Decryption:

// Requires: using System.Configuration; using System.Web.Configuration;
// Get the current configuration file.
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

// Get the section.
ConfigurationSection section = config.GetSection("appSettings");

if (section != null && section.SectionInformation.IsProtected)
{
    // Unprotect (decrypt) the section and save it back in plaintext.
    section.SectionInformation.UnprotectSection();
    config.Save();
}

However, when you move the encrypted website to another IIS server, it cannot be decrypted there, because the encryption key is stored on the local machine. In this case, you need to run aspnet_regiis again on the other server to encrypt the file.

RSA and DPAPI differ somewhat. DPAPI keys are difficult to export, while RSA keys are easy to export. This means RSA can be used locally for encryption, and the key can then be exported and installed on the server for decryption.
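A check that could run after the steps above, as an added example that is not part of the original article: it parses a web.config and reports which of the four sections listed earlier are still in plaintext, and which provider protects the rest. The function names, status strings and sample file are constructed for illustration; the machine-bound flag follows the article's remark that DPAPI keys are hard to export.

```python
import xml.etree.ElementTree as ET

# Sections the article lists as encryption candidates, as paths below <configuration>.
SENSITIVE = ["appSettings", "connectionStrings",
             "system.web/identity", "system.web/sessionState"]
# Per the article, DPAPI keys stay on the machine that encrypted the section.
MACHINE_BOUND = {"DataProtectionConfigurationProvider"}

def local(tag):
    """Drop an XML namespace prefix such as {http://www.w3.org/2001/04/xmlenc#}."""
    return tag.rsplit("}", 1)[-1]

def find(root, path):
    """Descend by local element name, so a namespaced config file also works."""
    node = root
    for name in path.split("/"):
        node = next((c for c in node if local(c.tag) == name), None)
        if node is None:
            return None
    return node

def audit(config_xml):
    """Return {section path: status} for every sensitive section that is present."""
    root = ET.fromstring(config_xml)
    report = {}
    for path in SENSITIVE:
        node = find(root, path)
        if node is None:
            continue  # section not used by this site
        provider = node.get("configProtectionProvider")
        encrypted = any(local(c.tag) == "EncryptedData" for c in node)
        if provider and encrypted:
            status = "encrypted:" + provider
            if provider in MACHINE_BOUND:
                status += ":machine-bound"
            report[path] = status
        else:
            report[path] = "PLAINTEXT"
    return report

# Constructed sample: connectionStrings protected with DPAPI, the rest left in plaintext.
SAMPLE = """<configuration>
  <appSettings><add key="ApiKey" value="constructed-value"/></appSettings>
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>constructed</CipherValue></CipherData></EncryptedData>
  </connectionStrings>
  <system.web><identity impersonate="true" userName="svc" password="constructed"/></system.web>
</configuration>"""

if __name__ == "__main__":
    for section, status in audit(SAMPLE).items():
        print(section, "->", status)
```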

Have a nice day!
