Setting up encryption and decryption of sensitive values in a Content Delivery .NET Web application

Put sensitive strings, such as passwords and secrets, in a special section of your Web.config file, and use the aspnet_regiis command to encrypt and decrypt that section of the file.

Before you begin

To run aspnet_regiis, the encryption/decryption tool, you require administrator-level access.

Procedure

  1. Open for editing the Web.config file of the .NET Web application that contains the settings you want to encrypt.
  2. In the configSections section, define a section for such settings by adding the following (on one line):
    <section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  3. Add a secureAppSettings section containing any number of add elements, each holding a key-value pair whose value should be encrypted. For example:
    <secureAppSettings>
      <add key="mySecret" value="KumQu@t" />
    </secureAppSettings>
  4. Save and close Web.config.
  5. To encrypt the values in the secureAppSettings section, run the following command from the Windows command prompt:
    aspnet_regiis -pef "secureAppSettings" "DRIVE:\PATH\TO\WEBAPP\"

    where DRIVE:\PATH\TO\WEBAPP\ is the full path to the folder that contains the Web.config file you edited.

  6. Conversely, you can decrypt the values whenever necessary by running the following command:
    aspnet_regiis -pdf "secureAppSettings" "DRIVE:\PATH\TO\WEBAPP\"
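
A way to confirm that step 5 took effect, as an added example that is not part of the original documentation: after encryption, .NET protected configuration replaces the add elements in the section with an EncryptedData element and sets a configProtectionProvider attribute on the section. The function name Get-SectionProtectionState and both sample documents are constructed for illustration.

```powershell
# Added example, not product code. Both sample documents are constructed.
function Get-SectionProtectionState {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        [string] $SectionName = 'secureAppSettings'
    )
    # Match on local names so a default xmlns on <configuration> does not matter.
    $xpath   = "/*[local-name()='configuration']/*[local-name()='$SectionName']"
    $section = $Config.SelectSingleNode($xpath)
    if ($null -eq $section) { return 'Missing' }

    $provider  = $section.GetAttribute('configProtectionProvider')
    $encrypted = $section.SelectSingleNode("*[local-name()='EncryptedData']")
    $plainAdds = $section.SelectNodes("*[local-name()='add']")

    # Any readable <add> element means secrets are still stored in the clear.
    if ($plainAdds.Count -gt 0) { return 'Plaintext' }
    if ($provider -and $null -ne $encrypted) { return 'Encrypted' }
    return 'Unknown'
}

# Constructed sample: the section as written in step 3.
$before = @'
<configuration>
  <secureAppSettings>
    <add key="mySecret" value="KumQu@t" />
  </secureAppSettings>
</configuration>
'@

# Constructed sample: the shape of the section after step 5 (cipher text is a placeholder).
$after = @'
<configuration>
  <secureAppSettings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER-CIPHERTEXT</CipherValue></CipherData>
    </EncryptedData>
  </secureAppSettings>
</configuration>
'@

"before step 5: " + (Get-SectionProtectionState -Config $before)
"after step 5:  " + (Get-SectionProtectionState -Config $after)
```

To check a real file, pass (Get-Content 'DRIVE:\PATH\TO\WEBAPP\Web.config' -Raw) as the -Config argument.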