Encrypting and Decrypting Configuration File
page 5 of 5
by Uday Denduluri
Average Rating: 
Views (Total / Last 10 Days): 26598/ 51


Encrypting and decrypting a configuration file is a powerful feature of ASP.NET 2.0. The encryption data is useful especially when we are dealing with sensitive data like username and password within web applications. Although ASP.NET configures IIS to prevent browser accessing web.config files, it is not a good practice to leave the configuration files in plain text.

Even if the configuration section is encrypted, the data can be read by configuration API. This means that the configuration values are impossible to read through a text editor. To programmatically set a configuration section to be encrypted we can call the ConfigurationSection.SectionInformation property to get section information object. To decrypt the encrypted section we call the method UnprotectSection() of SectionInformation class. The examples shown above support the same.

The programmer has to ensure that ASP.NET worker process account has enough privileges to modify the web.config file of the application.

View Entire Article

User Comments

Title: Good one..   
Name: Gourik Kumar Bora
Date: 2009-03-04 1:03:41 AM
Its really good .can you please tell me how can i ensure that asp.net worker process will modify the web.config.
thanks in advance
Title: Encrypting and decrypting a configuration file   
Name: Nitin Dixit
Date: 2007-07-26 3:46:41 AM
Dear Uday,
How can i use my configuration after encryption?
Means lets suppose we have a connectionstring of my application and i encrypt that particular config section.
Now in my code behind how can i use it??????

thanks & Regards
Nitin Dixit

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-13 10:10:57 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search