Encrypting and Decrypting Configuration File
page 2 of 5
by Uday Denduluri

Why encryption for Configuration?

Configuration files should be encrypted. Encryption secures the sensitive values in the file, so they cannot be read by simply opening the file in a text editor. Configuration files may hold crucial information that should be protected, such as user credentials or database access information like the server name, database name, user ID and password. Protected configuration enables us to encrypt sections of an ASP.NET application's Web.config file in order to protect sensitive information used by the application.

This can improve the security of our application by making it difficult for an attacker to read the sensitive information even if the attacker gains access to our Web.config file. ASP.NET includes two protected configuration providers that can be used to encrypt sections of a Web.config file: RsaProtectedConfigurationProvider, which uses the RSACryptoServiceProvider to encrypt configuration sections, and DpapiProtectedConfigurationProvider, which uses the Windows Data Protection API (DPAPI) to encrypt configuration sections.

ASP.NET 2.0 introduced a powerful feature: the configuration file can be encrypted. Almost all sections can be encrypted, including user-defined sections. Some sections, such as <httpRuntime>, cannot be encrypted; these sections are accessed from IIS and should not be encrypted.
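As an added illustration (not code from the original article), the sketch below encrypts one Web.config section with either of the two providers through the System.Configuration API and then reads a connection string back. The class name ConfigProtection and its method names are hypothetical; the two provider name strings are the names registered by default in machine.config.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;

// Hypothetical helper class; requires references to System.Configuration and System.Web.
public static class ConfigProtection
{
    // Names under which the two built-in providers are registered by default.
    public const string RsaProvider = "RsaProtectedConfigurationProvider";
    public const string DpapiProvider = "DataProtectionConfigurationProvider";

    // Encrypts one section (e.g. "connectionStrings") of the Web.config found at the
    // given virtual path (e.g. Request.ApplicationPath). Returns false if nothing changed.
    // The calling identity needs write access to Web.config and, for the RSA provider,
    // read access to the RSA key container.
    public static bool Protect(string appPath, string sectionName, string providerName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appPath);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
            throw new ArgumentException("No such section: " + sectionName);

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected || info.IsLocked)
            return false;                      // already encrypted, or locked by a parent config

        // On disk the section body becomes an <EncryptedData> element and the section
        // tag gains a configProtectionProvider attribute naming the provider.
        info.ProtectSection(providerName);
        info.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Application code reads a protected section exactly as it reads a plain one:
    // the configuration system decrypts it in memory when the section is loaded.
    public static string GetConnectionString(string name)
    {
        ConnectionStringSettings settings = WebConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException("Missing connection string: " + name);
        return settings.ConnectionString;
    }
}
```

DPAPI-protected sections can only be decrypted on the machine that encrypted them, so the RSA provider, whose key container can be exported, is the usual choice when the same Web.config is deployed to several servers.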



User Comments

Title: Good one..   
Name: Gourik Kumar Bora
Date: 2009-03-04 1:03:41 AM
Comment:
Hi,
It's really good. Can you please tell me how I can ensure that the ASP.NET worker process will modify the web.config?
Thanks in advance
Gourik

Title: Encrypting and decrypting a configuration file   
Name: Nitin Dixit
Date: 2007-07-26 3:46:41 AM
Comment:
Dear Uday,
How can I use my configuration after encryption?
I mean, let's suppose we have a connection string of my application and I encrypt that particular config section.
Now in my code-behind, how can I use it?

Thanks & Regards
Nitin Dixit