EPiWiki.se  - EPiServer notes shared with others
 

Encrypting Web.Config sections

[Edit]

The easiest setup (one file for each machine)


All connection strings on production machines should be encrypted this is too easy just run the command

aspnet_regiis.exe -pef connectionStrings .

in the sites web root (the dot at the end indicates the directory)

Example



C:\Inetpub\webroot> c:\Windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_regiis.exe-pef connectionStrings .
Encrypting configuration section ...
Succeeded!


Important


If you encrypt your connectionsString.config file it has to be decrypted when running the EPiServer installer.

aspnet_regiis.exe -pdf connectionStrings .


The hard and probebly the recomended way for web farms


All web.config should include

<configuration>
  <configProtectedData>
    <providers>
      <add keyContainerName="Site_Key"
        useMachineContainer="false"
        name="SiteKeyProvider"
  type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </configProtectedData>

Create key container

aspnet_regiis -pc "Site_Key" -exp

Export key container

aspnet_regiis -px "Site_Key" .\Site_Key.xml

Import key on another computer

aspnet_regiis -pi "Site_Key" ".\Site_Key.xml"


Grant access to the key for a user

aspnet_regiis -pa "Site_Key" "NT Authority\Network Service"


Cryp the connections section

aspnet_regiis -pef "connectionStrings" . -prov "SiteKeyProvider"


Read more


patterns & practices -How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
Encrypting Web.Config Values in ASP.NET 2.0 by ScottGu
Version author:
Mattias Lövström

EPiServer version

All