Encrypt that Web.Config

by Chris 10/30/2007 6:19:00 PM

When configuring your website it is sometimes necessary to include information in the web.config file that you don’t want others to see.  I’m not even talking about usernames and passwords, since IIS6 allows you to configure a website to run in under an application pool using specific user credentials.  I am talking more specifically about application settings and database connection strings. 


If you must place sensitive information into the web.config file than you have a couple of options:  First you can come up with some crafty encryption methods to read and write the contents of your web.config file (bad idea).  Second you can leverage the aspnet_regiis.exe command line tool to encrypt the sections of your web.config file (good idea).  Last, leverage some new features in the .NET 2.0 to encrypt the web.config programatically


I wanted to make life easier on myself so I borrowed some code from other people and came up with an interface page that can perform the changes to the web.config using an .aspx file.  You are welcome to download the EncDecWebConfig.zip file if you would like and see if they will work for you.


 


,

Security | Technology

kick it up to DotNetKicks.com  
Print Permalink Comments (1) Post RSSRSS comment feed

Comments

Add comment


(Will show your Gravatar icon)  

biuquote
  • Comment
  • Preview
Loading




Powered by BlogEngine.NET Theme by Mads Kristensen Hosted by 1and1 Hosting Sign in
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way. © 2008 Chris Blankenship

DSCODUC on Technorati  

Stop Spam Harvesters, Join Project Honey Pot   This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License  

Welcome to my blog

Welcome to my site

Villainy wears many masks,
none of which so dangerous as virtue…



LinkedIn   GeoURL

Recent Comments

Comment RSS

Wordle Gallery

Shelfari Book Library