01 - Creating Encrypted Configuration Sections

Hi,

Here we’ll cover the Encrytion of Configuration file.

The topic covered will be –

- Creating Encrypted Configuration Sections

- Encrypting Sections with the aspnet_regiis tool

- Encrypting Sections Programmatically

- Deploying Encrypted Web Configuration Files

Creating Encrypted Configuration Sections

·                If you need to protect sensitive information stored in a configuration file, you can encrypt the information. 

·                You can encrypt just about any section in the web configuration file with the sole exception of the processModel section

·                You also can encrypt a custom configuration section.

·                The .NET Framework uses the Provider Model for encrypting configuration sections. 

·                The Framework ships with two ProtectedConfigurationProviders: 

o                           RsaProtectedConfigurationProvider 

§    It is the default provider.

§    Uses Public Key Cryptography.

§    This is the one you should almost always use – 

§                             Reason: Provider supports exporting and importing encryption keys. This means that you can move an application that contains an encrypted configuration file from one web server a new web server.

o                           DpapiProtectedConfigurationProvider

§    It uses either Triple-DES or AES

§    Should not be recommended.

§                             Reason: If we use this to encrypt a configuration section, on the other hand, then you cannot decrypt the configuration section on another web server. 

§                             i.e. If you need to move the configuration file from one server to another, then you need to first decrypt the configuration file on the source server and re-encrypt the configuration file on the destination server.

Hope this helps

Thanks & Regards,

Arun Manglick || Senior Tech Lead