Tuesday, January 23, 2007

Encrypting Web.Config Values in ASP.NET 2.0

One of the cool new features in the ASP.NET 2.0 configuration system is the ability to encrypt any of the values stored in configuration files (note: this works with any configuration section -- including ones you build yourself). This is obviously important when storing sensitive information like connection strings -- and it means you no longer have to roll your own solution.
Here are a few other good articles I found on the web that discuss it more as well:
http://msdn2.microsoft.com/en-us/library/zhhddkxy.aspx
http://blogs.msdn.com/federaldev/archive/2005/11/08/490319.aspx
http://msdn2.microsoft.com/en-us/library/dtkwfdky.aspx
http://aspdot.net/articles/encryptedconnstring/
http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx
http://weblogs.asp.net/owscott/archive/2005/07/29/421063.aspx

Look at the following simple example to encrypt a section in web.config.
The ASP.NET IIS Registration Tool (Aspnet_regiis.exe) can encrypt and decrypt sections of web.config. There is no special code required in an application, as ASP.NET 2.0 will magically decrypt sections at runtime.
The tool and runtime can also work together to encrypt and decrypt custom configuration sections. So if I have the following in web.config:
    <configSections>
      <section name="MySecrets" type="System.Configuration.SingleTagSectionHandler" />
    </configSections>
    <MySecrets FavoriteMusic="Disco" FavoriteLanguage="COBOL" DreamJob="Dancing in the opening ceremonies of the Olympics" />

All I need to do from the command line, in the directory that holds web.config, is:
aspnet_regiis -pef MySecrets .
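
A check to run after the command above, to confirm the section really is encrypted on disk. This is an added example, not code from the original post or from Microsoft; the function names and both sample web.config documents are constructed for illustration. It relies on a protected section carrying a configProtectionProvider attribute and an EncryptedData child element.

```python
import xml.etree.ElementTree as ET

XMLENC = "{http://www.w3.org/2001/04/xmlenc#}"

# Constructed sample: web.config before running aspnet_regiis -pef MySecrets .
BEFORE = """<configuration>
  <configSections>
    <section name="MySecrets" type="System.Configuration.SingleTagSectionHandler" />
  </configSections>
  <MySecrets FavoriteMusic="Disco" FavoriteLanguage="COBOL" />
</configuration>"""

# Constructed, abbreviated sample of the same file afterwards (placeholder ciphertext).
AFTER = """<configuration>
  <MySecrets configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </MySecrets>
  <connectionStrings>
    <add name="db" connectionString="constructed-sample-value" />
  </connectionStrings>
</configuration>"""

def local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def section_status(config_xml, path):
    """Classify a section such as 'MySecrets' or 'system.web/identity'."""
    node = ET.fromstring(config_xml)
    for name in path.split("/"):
        node = next((c for c in node if local(c.tag) == name), None)
        if node is None:
            return "missing"
    provider = node.get("configProtectionProvider")
    enc = node.find(XMLENC + "EncryptedData")
    cipher = None if enc is None else enc.find(".//" + XMLENC + "CipherValue")
    has_cipher = cipher is not None and (cipher.text or "").strip() != ""
    if provider and has_cipher:
        return "encrypted"
    if provider or enc is not None:
        return "incomplete"  # half-written or hand-edited section
    return "plaintext"

def audit(config_xml, paths):
    """Map each section path to its status."""
    return {p: section_status(config_xml, p) for p in paths}
```

Any section reported as plaintext or incomplete in a deployed web.config still exposes its values to anyone who can read the file.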


Hope this helps,

Pankaj
