EPiWiki.se  - EPiServer notes shared with others

Encrypting Web.Config sections


The easiest setup (one file for each machine)

All connection strings on production machines should be encrypted this is too easy just run the command

aspnet_regiis.exe -pef connectionStrings .

in the sites web root (the dot at the end indicates the directory)


C:\Inetpub\webroot> c:\Windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_regiis.exe-pef connectionStrings .
Encrypting configuration section ...


If you encrypt your connectionsString.config file it has to be decrypted when running the EPiServer installer.

aspnet_regiis.exe -pdf connectionStrings .

The hard and probebly the recomended way for web farms

All web.config should include

      <add keyContainerName="Site_Key"
  type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

Create key container

aspnet_regiis -pc "Site_Key" -exp

Export key container

aspnet_regiis -px "Site_Key" .\Site_Key.xml

Import key on another computer

aspnet_regiis -pi "Site_Key" ".\Site_Key.xml"

Grant access to the key for a user

aspnet_regiis -pa "Site_Key" "NT Authority\Network Service"

Cryp the connections section

aspnet_regiis -pef "connectionStrings" . -prov "SiteKeyProvider"

Read more

patterns & practices -How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
Encrypting Web.Config Values in ASP.NET 2.0 by ScottGu
Version author:
Mattias Lövström

EPiServer version