Thursday, July 31, 2008

01 - Creating Encrypted Configuration Sections


Here we'll cover encryption of the configuration file.

The topics covered will be:

- Creating Encrypted Configuration Sections

- Encrypting Sections with the aspnet_regiis tool

- Encrypting Sections Programmatically

- Deploying Encrypted Web Configuration Files

Creating Encrypted Configuration Sections

- If you need to protect sensitive information stored in a configuration file, you can encrypt the information.
- You can encrypt just about any section in the web configuration file, with the sole exception of the processModel section.
- You can also encrypt a custom configuration section.
- The .NET Framework uses the Provider Model for encrypting configuration sections.
- The Framework ships with two ProtectedConfigurationProviders:
  - RsaProtectedConfigurationProvider
    - It is the default provider.
    - It uses public key cryptography.
    - This is the one you should almost always use.
    - Reason: The provider supports exporting and importing encryption keys. This means that you can move an application that contains an encrypted configuration file from one web server to a new web server.
  - DpapiProtectedConfigurationProvider
    - It uses either Triple-DES or AES.
    - It is not recommended.
    - Reason: If you use this provider to encrypt a configuration section, you cannot decrypt the configuration section on another web server.
    - That is, if you need to move the configuration file from one server to another, you first need to decrypt the configuration file on the source server and then re-encrypt it on the destination server.
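A pre-deployment check built on the provider trade-off above, as an added example (not code from the original post): it reads a web.config and reports which sections are encrypted and whether the provider ties them to a single server. The sample file, the list of sections treated as sensitive, and the provider name `DataProtectionConfigurationProvider` (the name under which the DPAPI provider is registered by default) are assumptions.

```python
import xml.etree.ElementTree as ET

ENC = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData"
SENSITIVE = {"connectionStrings", "appSettings", "machineKey"}  # assumed list

# Constructed sample web.config; ciphertext and key values are placeholders.
SAMPLE = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"><CipherData/></EncryptedData>
  </connectionStrings>
  <appSettings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"><CipherData/></EncryptedData>
  </appSettings>
  <system.web>
    <machineKey validationKey="PLACEHOLDER" decryptionKey="PLACEHOLDER"/>
    <processModel enable="true"/>
  </system.web>
</configuration>"""

def classify(section):
    """Return the protection status of one section, or None if it is plaintext."""
    provider = section.get("configProtectionProvider")
    if provider is None:
        return None
    if section.find(ENC) is None:
        return "provider-set-but-no-EncryptedData"
    name = provider.lower()
    if "rsa" in name:
        return "encrypted-rsa-portable"          # keys can be exported/imported
    if "dpapi" in name or "dataprotection" in name:
        return "encrypted-dpapi-machine-bound"   # decrypt before moving servers
    return "encrypted-custom-provider"

def audit(xml_text):
    """Map each section path to its status; descends into section groups."""
    findings = {}
    def walk(elem, path):
        for child in elem:
            name = f"{path}/{child.tag}" if path else child.tag
            status = classify(child)
            if status:
                findings[name] = status          # do not descend into ciphertext
            elif child.tag == "processModel":
                findings[name] = "plaintext-not-encryptable"
            elif child.tag in SENSITIVE:
                findings[name] = "plaintext-sensitive"
            else:
                walk(child, name)
    walk(ET.fromstring(xml_text), "")
    return findings

if __name__ == "__main__":
    for section, status in audit(SAMPLE).items():
        print(f"{section}: {status}")
```

A `encrypted-dpapi-machine-bound` result on a file headed for another server means the section has to be decrypted on the source server and re-encrypted on the destination, as described above.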

Hope this helps

Thanks & Regards,

Arun Manglick || Senior Tech Lead
