how to encrypt/decrypt of web.config in asp dot net

Question

0.00/5 (No votes)

See more:

Hi
I have to host my application in a shared server.i fear that he may see my appsettings.so,I want to encrypt appsettings in web config file alone by coding or by any means.How to do this plz help.

How to Ecrypt/Decrypt Web config <appsettings> in asp dot net 4.0?

Posted 12-Mar-13 21:17pm

rahamathullah.v

Add a Solution

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Shubham Choudhary · Answer 1 · 2013-03-12T22:16:00

Hi!!!

1. for this you want to firstly encrypt your web.config file text!!!
/*-------------------------------------------------------------------------------------*/

/*Encription of Web.Config*/
/*

C#

private void EncryptAppSettings()
    {
        Configuration objConfig =
          WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        AppSettingsSection objAppsettings =
          (AppSettingsSection)objConfig.GetSection("appSettings");
        if (!objAppsettings.SectionInformation.IsProtected)
        {
            objAppsettings.SectionInformation.ProtectSection(
                           "RsaProtectedConfigurationProvider");
            objAppsettings.SectionInformation.ForceSave = true;
            objConfig.Save(ConfigurationSaveMode.Modified);
        }
    }

/*Decription of Web.Config*//*

C#

private void DecryptAppSettings()
 {
     Configuration objConfig =
       WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
     AppSettingsSection objAppsettings =
       (AppSettingsSection)objConfig.GetSection("appSettings");
     if (objAppsettings.SectionInformation.IsProtected)
     {
         objAppsettings.SectionInformation.UnprotectSection();
         objAppsettings.SectionInformation.ForceSave = true;
         objConfig.Save(ConfigurationSaveMode.Modified);
     }
 }

/*-------------------------------------------------------------------------------------*/

[Edit]
2. (Added from another answer box)

visit article on this link!!!
Encrypt and Decrypt Text with a Specified Key[^]

from this link you are able to encrypt the text!!
and i m giving u a function to decrypt the text use on class file and call on the function when u need

C#

public static string DecValue(string cipherText)
   {
       if (ConfigurationManager.AppSettings["Encr"] != "1")
       {
           return cipherText;
       }
       else
       {
           Crypto1 a = new Crypto1();
           return a.DecryptStringAES(cipherText, "o7x8y6");
       }
   }


   }

[/Edit]

rahamathullah.v · Answer 2 · 2013-03-13T00:24:00

Solution 2

Hi thanks for helping me ....i have one more doubt? Do i have to decrypt <appsettings> before i try using that in my code....and i want to decrypt that web.config appsettings before i deploy my web application to my clients shared server..how to do this?....i think this code will work on a event or something but how to decrypt in my machine that works for all computer and give them that copy decrypted ......? how to achieve this

Posted 13-Mar-13 0:24am

rahamathullah.v

Comments

Rajeev Jayaram 13-Mar-13 7:10am

Use 'Have a Question or Comment?' option for your comments.

Keith Barrow 13-Mar-13 8:12am

Hi, please see my solution. You shouldn't need any code at all - the .net framework has a built-in tooling to handle this stuff.

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 14-Mar-13 1:59am

This is not an answer.
I guess you want to comment on somebody's answer.
So, click on "Have a Question or Comment" button on the answer box itself and comment there. Don't forget to delete this answer.

Keith Barrow · Answer 3 · 2013-03-13T02:10:00

You don't need to write any code to do this. Since .net 2.0, encryption has been available out of the box. You can use aspnet_regiis to encrypt a section, the framework will descrypt it in your application so you don't need to change a line of code to use it:

http://odetocode.com/blogs/scott/archive/2006/01/08/encrypting-custom-configuration-sections.aspx[^]

This uses the machine key to encrypt so a) this needs to be the same on all machines using encrypted config b) if the fellow-user gets hold of it and knows what they are doing they can decrypt. To work around this you can use a provider to make a key and only grant yourself and the account running the application access to it. http://msdn.microsoft.com/en-us/library/68ze1hb2[^] if using across machines (e.g. webfarm) you'll need to make an exportable key that can used imported to all machines.

This is the general MS guidance on encrypting config: http://msdn.microsoft.com/en-us/library/53tyfkaw(v=vs.100).aspx[^]

It has pretty much covered everything I've needed personally.

rahamathullah.v · Answer 4 · 2013-03-13T19:38:00

Hi thanks for your reply

when i tried to encrypt iam getting following Error please help me....to find my error...

C#

System.Security.Cryptography.CryptographicException: Object already exists.

my coding was

C#

Configuration confi = WebConfigurationManager.OpenWebConfiguration("~");
AppSettingsSection objAppsettings = (AppSettingsSection)confi.GetSection("appSettings");
if (!objAppsettings.SectionInformation.IsProtected)
{
objAppsettings.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
//objAppsettings.SectionInformation.ForceSave = true;
confi.Save(ConfigurationSaveMode.Modified, true);
ConfigurationManager.RefreshSection("appSettings");
}

am geting error on line

C#

"confi.Save(ConfigurationSaveMode.Modified, true);"

how to encrypt/decrypt of web.config in asp dot net

4 solutions

Solution 1

Solution 2

Solution 4

Solution 5

Add your solution here

Preview 0