Encrypting and decrypting a configuration file is a powerful
feature of ASP.NET 2.0. Encryption is especially useful when we are
dealing with sensitive data such as usernames and passwords within web applications.
Although ASP.NET configures IIS to prevent browsers from accessing web.config files,
it is not good practice to leave the configuration files in plain text.
Even when a configuration section is encrypted, the data can
still be read through the configuration API, which decrypts it transparently.
The encrypted values are, however, impossible to read through a text editor.
To programmatically encrypt a configuration section, we read the
ConfigurationSection.SectionInformation property to get the section information
object and call its ProtectSection() method. To decrypt the encrypted section we
call the UnprotectSection() method of the SectionInformation class. The examples
shown above support the same.
The programmer has to ensure that the ASP.NET worker process
account has enough privileges to modify the application's web.config file.
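
The protect/unprotect round trip described above, as an added example that is not code from the original article. The class name ConfigSectionProtector, the "~" application path and the choice of the built-in DataProtectionConfigurationProvider are assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;

// Hypothetical helper (added example), meant to be called from inside the web application.
public static class ConfigSectionProtector
{
    // Built-in DPAPI-based provider; RsaProtectedConfigurationProvider is the other built-in one.
    private const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts a section such as "connectionStrings". Returns true if web.config was rewritten.
    public static bool Protect(string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
        SectionInformation info = GetInfo(config, sectionName);
        if (info.IsProtected || info.IsLocked)
            return false;                     // already encrypted, or locked by a parent config
        info.ProtectSection(Provider);
        return Save(config, info);
    }

    // Restores the section to plain text. Returns true if web.config was rewritten.
    public static bool Unprotect(string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
        SectionInformation info = GetInfo(config, sectionName);
        if (!info.IsProtected)
            return false;                     // nothing to decrypt
        info.UnprotectSection();
        return Save(config, info);
    }

    private static SectionInformation GetInfo(Configuration config, string sectionName)
    {
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
            throw new ArgumentException("Section not found: " + sectionName);
        return section.SectionInformation;
    }

    private static bool Save(Configuration config, SectionInformation info)
    {
        info.ForceSave = true;                // write the section even if its values are unchanged
        // Fails if the worker process account cannot modify web.config.
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }
}
```

Application code keeps reading values the usual way, for example through WebConfigurationManager.ConnectionStrings, whether or not the section is currently encrypted.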