Encrypt Web.Config Extension for BlogEngine.Net

by chris 12/14/2007 11:01:00 PM

I wanted to extend my previous efforts of providing a means to encrypt your web.config file without dropping to a command line.  This is mainly for those who are relying on a web hosting provider and can not get access to the command prompt to encrypt the file using the aspnet_regiis.exe command.  So to accomplish my goal I created an admin page that can be used within the BlogEngine.Net administrators pages.  The zip file includes instructions on how to set it up so I won't go through them here.  You can download the extension here.

There are a couple of points worth mentioning:

The web application must have the trust level set to Full.  Now before you start screaming about how bad this is please remember that you can temporarily switch the trust level to full while you encrypt the web.config, and then switch it back to High (slightly better than Full) or Medium (much better) or even low (good luck getting your application to work) once you are done.

The code will automatically handle imbedded .config files.  For example, the default BlogEngine.Net web.config references sql.config for the sql connection strings.  If you select connectionStrings to encrypt then the code will actually encrypt the connection string information in the sql.config file.

If you are running more than one server then you do not want to use this code.  There is an alternative method of encrypting your data that will provide you with a set of RSA keys that can be shared across all of your web farm servers.  See this MSDN article for more information.

I have included the basic list of sections that came to mind during the development of this code.  If you have a custom configuration section that you want to add to the options then you are free to open up the .aspx.cs and add it, or you can send me an email and I will make the change and send it back to you.

Disclaimer

Lastly, I have used this code on most all of my servers without any problems.  If you decide to use this code and something terribly wrong happens to your web.config, then you are on your own.  I will not be held responsible for anything that happens to your web.config file.  Please backup your web.config file (you do perform regular backups on your entire website, right?!) before you run this code just to be sure.

As always, if you run into any trouble or have any questions I will try and do my best to help you out.

Cheers!

Encrypt_Web.Config.zip (3.89 kb)


, , ,

BlogEngine.NET | Technology

kick it up to DotNetKicks.com  
Permalink Comments (8) Post RSSRSS comment feed

Related posts

Comments

1/6/2008 11:56:24 AM

Sam MacDonald

Chris this is a great utility to have within the BlogEngine.net framework or any other framework for that matter.

Sam MacDonald ca

2/15/2008 8:32:27 AM

pingback

Pingback from andyskipper.com

andyskipper.com - freelance web developer in london

andyskipper.com

3/4/2008 6:51:21 PM

Garry McGlennon

I might be missing something here, but is there any reason why you wouldn't encrypt the config section locally (your machine) then just upload the new file?

Garry McGlennon au

3/5/2008 1:10:18 PM

Chris

I'm not sure how you could encrypt the web.config contents remotely and still have the web site decrypt on the fly to get the encrypted data. Did I miss a feature that allows this functionality?

Chris us

3/26/2008 12:07:03 PM

David

I'm not sure how you could encrypt the web.config

David es

3/26/2008 12:59:00 PM

Chris

Easy. Have a look at msdn2.microsoft.com/en-us/library/ms998280.aspx for more information... My extension simply provides a way to do this from the web and not have to drop to a command line.

Chris us

3/28/2008 11:31:45 PM

megupload links

i still think that, programers cant develop an open source program on windows is not right (no ofending)

megupload links us

5/8/2008 4:15:15 AM

Andre Tagesgeld

???
Open source means, that the source is public. You can run BlogEngine.NET on Linux, too (Mono). So what?

Andre Tagesgeld de

Add comment


(Will show your Gravatar icon)  

  Country flag

[b][/b] - [i][/i] - [u][/u]- [quote][/quote]



Powered by BlogEngine.NET Theme by Mads Kristensen © 2008 Chris Blankenship Sign in
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway
Page Updated Thursday, May 01, 2008

Welcome to my blog

Welcome to my site

Don't sweat the petty stuff...
...and don't pet the sweaty stuff

Subscribe to comments feed Recent comments exp/col

Ramblings Tags exp/col

My Delicious Tags Del.icio.us Tags exp/col

Download my OPML file Blogroll exp/col

Categories exp/col

Available Downloads exp/col

View Chris Blankenship's profile on LinkedIn   DSCODUC on Technorati

check out my neighbors in meatspace  

Stop Spam Harvesters, Join Project Honey Pot   This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License