Here we’ll cover the Encrytion of Configuration file.
The topic covered will be –
- Creating Encrypted Configuration Sections
- Encrypting Sections with the aspnet_regiis tool
- Encrypting Sections Programmatically
- Deploying Encrypted Web Configuration Files
Creating Encrypted Configuration Sections
· If you need to protect sensitive information stored in a configuration file, you can encrypt the information.
· You can encrypt just about any section in the web configuration file with the sole exception of the processModel section
· You also can encrypt a custom configuration section.
· The .NET Framework uses the Provider Model for encrypting configuration sections.
· The Framework ships with two ProtectedConfigurationProviders:
§ It is the default provider.
§ Uses Public Key Cryptography.
§ This is the one you should almost always use –
§ Reason: Provider supports exporting and importing encryption keys. This means that you can move an application that contains an encrypted configuration file from one web server a new web server.
§ It uses either Triple-DES or AES
§ Should not be recommended.
§ Reason: If we use this to encrypt a configuration section, on the other hand, then you cannot decrypt the configuration section on another web server.
§ i.e. If you need to move the configuration file from one server to another, then you need to first decrypt the configuration file on the source server and re-encrypt the configuration file on the destination server.
Hope this helps
Thanks & Regards,
Arun Manglick || Senior Tech Lead