Page 1 of 1

Encrypting/Decrypting your App.config or Web.config

#1 EvLSnoopY  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 17
  • View blog
  • Posts: 93
  • Joined: 24-November 09

Posted 22 June 2011 - 02:11 PM

Developer Brock: Yes! I'm finally ready to release my application out into the wild!
Developer Ash: Hold up there Brock, what's that connection string doing sitting in plain text in your App.config file?
Developer Brock: Uhh...
Developer Ash: Let me show you how to encrypt it.
Developer Brock: OK!

This tutorial is for developers who want to secure the information in their .NET App.config or Web.config file(s).
One of the best ways to protect that information is to use Microsoft's aspnet_regiis.exe application to encrypt the data.

In this tutorial you will learn how to not only Encrypt your .config files but Decrypt them as well.

What's needed

  • The path to your App.config or Web.config file
  • aspnet_regiis.exe

Aspnet_regiis.exe's Location

There are two IIS Registration Tools that ship with the .NET Framework; one for 32-bit systems and one for 64-bit systems.

[ 32-bit Systems ]

The aspnet_regiis.exe will be found in one of the following locations:
  • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
  • C:\WINDOWS\Microsoft.NET\Framework32\v2.0.50727


[ 64-bit Systems ]

The aspnet_regiis.exe will be found in one of the following locations:
  • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
  • C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727

So Let's Get Started!

Encrypt your App.config

  • Rename the App.config in your project's directory to Web.config
    (This is just a temporary name change, we'll change it back to it's original name shortly)
  • Open up a command prompt (Windows Key + R)
  • Type the following command:

    %windir%\Microsoft.NET\Framework<your framework number if applicable>\v2.0.50727\aspnet_regiis -pef "connectionStrings" <type your full path to directory containing your web.config file>

    For an example, the following command is what I had to type:
    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" "\\myserver\users\evlsnoopy\visual studio 2010\Projects\Education_Linq\Education_Linq"

  • After aspnet_regiis.exe is done, it will say Succeeded!
  • Now go back to your Web.config file and rename it back to App.config
  • Open your App.config file and you will see it has been Triple DES Encrypted



Decrypt your App.config

  • Do steps 1 & 2 from the Encrypt your App.config section
  • Type the exact same command you typed to encrypt your Web.config, but change the -pef flag to -pdf
  • Once again, after aspnet_regiis.exe is done, it will say Succeeded!
  • Now go back to your Web.config file and rename it back to App.config
  • Open your App.config file and you will see it has been decrypted

Links

Aspnet_regiis.exe can do a whole lot more than encrypting your App.config file.
For more information, go to Microsoft's ASP.NET IIS Registration Tool page.

Now it's time to say goodbye to all our family, mickey mouse!
That's the end of this tutorial! Even though there are possibly other ways of doing what I have done, I hope you have found this tutorial interesting; and if you have any questions, corrections, or concerns please feel free to send me a direct message or leave your message in the comment section below.


Is This A Good Question/Topic? 1
  • +

Page 1 of 1