Example:
How to encrypt/decrypt connectionStrings and SessionState section on Web.Config file?
This is a codebehid sample script written on C# to perform Encrypt and Decrypt procedure against few items on Web.Config file. Single ASP.NET page can perform this task easily, so you don’t have to write any code in command prompt.
Declare this namespace:
|
1 2 3 |
using System.Web; using System.Web.Configuration; using System.Web.Security; |
The code:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
... private void ProtectSection(string sectionName,string provider) { Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection section = config.GetSection(sectionName); if (section != null && !section.SectionInformation.IsProtected) { section.SectionInformation.ProtectSection(provider); config.Save(); } } private void UnProtectSection(string sectionName) { Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection section = config.GetSection(sectionName); if (section != null && section.SectionInformation.IsProtected) { section.SectionInformation.UnprotectSection(); config.Save(); } } ... |
Note that there’s two string variable to be fill
|
1 |
string sectionName//can be any section on your web.config (connectionstrings,system.web/sessionState ,etc...) |
|
1 |
string Provider //can be any provider available (DataProtectionConfigurationProvider, etc...) |
This method need identity impersonate setting set to “true” in Web.Config file. In this case i’m using domain user (coz all my dev server under domain controller).
|
1 2 3 4 5 |
... < identity impersonate="true" userName="DOMAINuser" password="pass" />; ... |
After performing Encrypting and Decrypting method, you should delete the page and identity impersonate section in web.config.