Put sensitive strings, such as passwords and secrets, in a special section of your Web.config file, and use the aspnet_regiis command to encrypt and decrypt that section of the file.
Before you begin
To run aspnet_regiis, the encryption/decryption tool, you require administrator-level access.
Procedure
- Open for editing the Web.config file of the .NET Web application that contains the settings you want to encrypt.
- In the configSections section, define a section for such settings by adding the following (on one line):
<section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
- Add a secureAppSettings section containing any number of add elements, each holding a key-value pair whose value should be encrypted. For example:
<secureAppSettings>
<add key="mySecret" value="KumQu@t" />
</secureAppSettings>
- Save and close Web.config.
- To encrypt the values in the secureAppSettings section, run the following command from the Windows command prompt:
aspnet_regiis -pef "secureAppSettings" "DRIVE:\PATH\TO\WEBAPP\"
where DRIVE:\PATH\TO\WEBAPP\ is the full path to the folder that contains the Web.config file you edited.
- Conversely, you can decrypt the values whenever necessary by running the following command:
aspnet_regiis -pdf "secureAppSettings" "DRIVE:\PATH\TO\WEBAPP\"
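
A check to run after the encryption step, as an added example that is not part of the original page: it reports whether the secureAppSettings section of a Web.config is still plaintext or has been replaced by encrypted data. The function name Test-ConfigSectionEncrypted and both sample documents are constructed for illustration; the check assumes a protected section carries a configProtectionProvider attribute and an EncryptedData child, which is how aspnet_regiis writes it.

```powershell
# Added example; Test-ConfigSectionEncrypted is a hypothetical helper, not a built-in cmdlet.
function Test-ConfigSectionEncrypted {
    param([Parameter(Mandatory)] [xml] $Config, [string] $SectionName = 'secureAppSettings')
    # local-name() keeps the lookup working when elements carry an XML namespace.
    $section = $Config.SelectSingleNode("/*[local-name()='configuration']/*[local-name()='$SectionName']")
    if ($null -eq $section) {
        return [pscustomobject]@{ Section = $SectionName; State = 'Missing'; PlaintextKeys = @() }
    }
    # Plaintext form: <add key="..." value="..." /> children are still readable.
    $plain = @($section.SelectNodes("*[local-name()='add']") | ForEach-Object { $_.GetAttribute('key') })
    # Encrypted form: configProtectionProvider attribute plus an EncryptedData child.
    $provider  = $section.GetAttribute('configProtectionProvider')
    $encrypted = $section.SelectSingleNode("*[local-name()='EncryptedData']")
    $state = if ($plain.Count -gt 0) { 'Plaintext' } elseif ($provider -and $null -ne $encrypted) { 'Encrypted' } else { 'Unknown' }
    [pscustomobject]@{ Section = $SectionName; State = $state; PlaintextKeys = $plain }
}

# Constructed sample: the section as written in the procedure, before encryption.
$before = [xml]@'
<configuration>
  <secureAppSettings>
    <add key="mySecret" value="KumQu@t" />
  </secureAppSettings>
</configuration>
'@

# Constructed sample: the shape of the section after encryption (cipher text is a placeholder).
$after = [xml]@'
<configuration>
  <secureAppSettings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </secureAppSettings>
</configuration>
'@

Test-ConfigSectionEncrypted -Config $before
Test-ConfigSectionEncrypted -Config $after
```

To check a real file, pass `[xml](Get-Content -Raw 'DRIVE:\PATH\TO\WEBAPP\Web.config')` as -Config; a Plaintext result lists the keys that are still readable.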