Developer Brock: Yes! I'm finally ready to release my application out into the wild!
Developer Ash: Hold up there Brock, what's that connection string doing sitting in plain text in your App.config file?
Developer Brock: Uhh...
Developer Ash: Let me show you how to encrypt it.
Developer Brock: OK!
This tutorial is for developers who want to secure the information in their .NET App.config or Web.config file(s).
One of the best ways to protect that information is to use Microsoft's aspnet_regiis.exe application to encrypt the data.
In this tutorial you will learn how to not only Encrypt your .config files but Decrypt them as well.
What's needed
Aspnet_regiis.exe's Location
There are two IIS Registration Tools that ship with the .NET Framework; one for 32-bit systems and one for 64-bit systems.
[ 32-bit Systems ]
The aspnet_regiis.exe will be found in one of the following locations:
[ 64-bit Systems ]
The aspnet_regiis.exe will be found in one of the following locations:
So Let's Get Started!
Encrypt your App.config
Decrypt your App.config
Links
Aspnet_regiis.exe can do a whole lot more than encrypting your App.config file.
For more information, go to Microsoft's ASP.NET IIS Registration Tool page.
Now it's time to say goodbyeto all our family, mickey mouse!
That's the end of this tutorial! Even though there are possibly other ways of doing what I have done, I hope you have found this tutorial interesting; and if you have any questions, corrections, or concerns please feel free to send me a direct message or leave your message in the comment section below.
Developer Ash: Hold up there Brock, what's that connection string doing sitting in plain text in your App.config file?
Developer Brock: Uhh...
Developer Ash: Let me show you how to encrypt it.
Developer Brock: OK!
This tutorial is for developers who want to secure the information in their .NET App.config or Web.config file(s).
One of the best ways to protect that information is to use Microsoft's aspnet_regiis.exe application to encrypt the data.
In this tutorial you will learn how to not only Encrypt your .config files but Decrypt them as well.
What's needed
- The path to your App.config or Web.config file
- aspnet_regiis.exe
Aspnet_regiis.exe's Location
There are two IIS Registration Tools that ship with the .NET Framework; one for 32-bit systems and one for 64-bit systems.
[ 32-bit Systems ]
The aspnet_regiis.exe will be found in one of the following locations:
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
- C:\WINDOWS\Microsoft.NET\Framework32\v2.0.50727
[ 64-bit Systems ]
The aspnet_regiis.exe will be found in one of the following locations:
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727
So Let's Get Started!
Encrypt your App.config
- Rename the App.config in your project's directory to Web.config
(This is just a temporary name change, we'll change it back to it's original name shortly)
Open up a command prompt (Windows Key + R)
Type the following command:
%windir%\Microsoft.NET\Framework<your framework number if applicable>\v2.0.50727\aspnet_regiis -pef "connectionStrings" <type your full path to directory containing your web.config file>
For an example, the following command is what I had to type:
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" "\\myserver\users\evlsnoopy\visual studio 2010\Projects\Education_Linq\Education_Linq"
After aspnet_regiis.exe is done, it will say Succeeded!
Now go back to your Web.config file and rename it back to App.config
Open your App.config file and you will see it has been Triple DES Encrypted
Decrypt your App.config
- Do steps 1 & 2 from the Encrypt your App.config section
Type the exact same command you typed to encrypt your Web.config, but change the -pef flag to -pdf
Once again, after aspnet_regiis.exe is done, it will say Succeeded!
Now go back to your Web.config file and rename it back to App.config
Open your App.config file and you will see it has been decrypted
Links
Aspnet_regiis.exe can do a whole lot more than encrypting your App.config file.
For more information, go to Microsoft's ASP.NET IIS Registration Tool page.
Now it's time to say goodbye
That's the end of this tutorial! Even though there are possibly other ways of doing what I have done, I hope you have found this tutorial interesting; and if you have any questions, corrections, or concerns please feel free to send me a direct message or leave your message in the comment section below.
MultiQuote
| 