Documentation Center

Encrypting the web.config password

As it is not good practice to include sensitive data in configuration files in clear text, it is recommended to encrypt sensitive data in the web.config using the aspnet_regiis.exe.

Before you begin

To decrypt and encrypt a section of the web.config file, the ASP.NET process must have permission to read the appropriate encryption key information. For more information, see: http://msdn.microsoft.com/en-us/library/yxw286t2.aspx

For an overview of protected configuration, see http://msdn.microsoft.com/en-us/library/zhhddkxy.aspx

Procedure

  1. Open a command prompt and enter the following command:
    aspnet_regiis.exe -pef "appSettings" <appfolder>

    where:

    • "appSettings" is the section in the web.config where you want to encrypt passwords.
    • <appfolder> is the root folder of the Archive Manager Explorer Web application where the web.config is located.
  2. Restart the Web application.

Results

You have encrypted passwords in the <appSettings> section, specifically the password for the Archiver database and if you have set up authentication the authentication password.