Encrypting Web.Config using Command Line Arguments

Dheeraj Kumar Gunti


This article provides a step-by-step example for encrypting sections of a configuration file for an ASP.NET application. Protected Configuration helps improve the security of an application by letting you encrypt sensitive information that is stored in a Web.config file. You can use aspnet_regiis.exe to encrypt sections of the Web.config file and manage encryption keys. ASP.NET decrypts the configuration file when it processes the file, so decryption does not require any additional code.

At the command prompt, change the directory to the .NET Framework version 2.0 directory by typing the following command:

cd \WINDOWS\Microsoft.Net\Framework\v2.0.*

At the command prompt, run aspnet_regiis.exe with the following options:
  • The -pe option and the string "connectionStrings" to encrypt the connectionStrings element of the Web.config file for your application.
  • The -app option and the name of your application.

For example, the following command encrypts the connectionStrings section of the Web.config file for an application named MyApplication.

aspnet_regiis -pe "connectionStrings" -app "/MyApplication"

Repeat the preceding step for the machineKey child element of the system.web element, as shown in the following example:

aspnet_regiis -pe "system.web/machineKey" -app "/MyApplication"
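
To confirm that both commands took effect, inspect the section elements: a protected section carries a configProtectionProvider attribute and an EncryptedData child in place of its plaintext settings. The PowerShell below is an added example, not part of the original article; the function name Get-ConfigSectionProtection and the sample Web.config document are constructed for illustration.

```powershell
# Added example (not from the article). The function name and the sample
# document are constructed for illustration.
function Get-ConfigSectionProtection {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        [Parameter(Mandatory)] [string[]] $SectionPath   # e.g. 'system.web/machineKey'
    )
    foreach ($path in $SectionPath) {
        # Match on local-name() so a namespaced <configuration> root still resolves.
        $names = @('configuration') + $path.Split('/')
        $xpath = '/' + (($names | ForEach-Object { "*[local-name()='$_']" }) -join '/')
        $node  = $Config.SelectSingleNode($xpath)
        $state = 'Missing'; $provider = $null
        if ($null -ne $node) {
            # A protected section names its provider and holds only <EncryptedData>.
            $provider = $node.GetAttribute('configProtectionProvider')
            $cipher   = $node.SelectSingleNode("*[local-name()='EncryptedData']")
            $state    = if ($provider -and $null -ne $cipher) { 'Encrypted' } else { 'Plaintext' }
        }
        [pscustomobject]@{ Section = $path; State = $state; Provider = $provider }
    }
}

# Constructed sample: only the first -pe command was run, so machineKey is still clear.
$partial = [xml]@'
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <system.web>
    <machineKey validationKey="EXAMPLE" decryptionKey="EXAMPLE" />
  </system.web>
</configuration>
'@

$sections = 'connectionStrings', 'system.web/machineKey', 'appSettings'
Get-ConfigSectionProtection -Config $partial -SectionPath $sections | Format-Table -AutoSize
# To check a deployed file, load it instead: [xml](Get-Content <path to Web.config> -Raw)
```

For the constructed sample, the report lists connectionStrings as Encrypted, system.web/machineKey as Plaintext and appSettings as Missing.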

Do not close the Command Prompt window.

To decrypt the same sections again, run aspnet_regiis.exe with the -pd option:

aspnet_regiis -pd "connectionStrings" -app "/MyApplication"
aspnet_regiis -pd "system.web/machineKey" -app "/MyApplication"

  • Create a custom RSA key container.
  • Specify a Protected Configuration provider that uses a custom RSA key container.
  • Encrypt sections of a Web.config file by using a custom RSA key container.
  • Export a custom RSA key container to an XML file.
  • Import a custom RSA key container from an XML file.

To create a machine-level RSA key container

Open a command prompt. To do this, in Microsoft Windows, click Start, click Run, in the Open box, type cmd, and then click OK. At the command prompt, enter the following command to change the directory to the .NET Framework version 2.0 directory:

cd \WINDOWS\Microsoft.Net\Framework\v2.0.*

Create a new, machine-level RSA key container by running aspnet_regiis.exe with the following options:
  • The -pc option followed by the name of the RSA key container, to create the RSA key pair.
  • The -exp option, to make sure that the key is exportable.

The following command creates the "MyKeys" key container.

aspnet_regiis -pc "MyKeys" -exp

Do not close the Command Prompt window.

-px - export the key container to an XML file.
-pri - make sure that private key information is exported. Otherwise, the exported key information can only encrypt, not decrypt.

aspnet_regiis -px "MyKeys" "c:\keys.xml" -pri

-pz - delete the key container.

aspnet_regiis -pz "MyKeys"

-pi - import a key container from an XML file.

aspnet_regiis -pi "MyKeys" "c:\keys.xml"