lavan

Reputation: 37

Unable to encrypt web.config file using RSA encryption method

I'm new to this process. My requirement is to encrypt the appSettings section of an ASP.NET WebForms application using the RSA encryption method. Further, the encrypted files would be deployed to Dev, QA environments with different appSettings values for the same keys. So I should be able to encrypt the file once on a local or dev machine and be able to encrypt qa-web.config and prod-web.config using the same method and deploy them to their respective environments.

I have been following this article from MSDN, "https://msdn.microsoft.com/en-us/library/2w117ede.aspx", but I'm getting the following exception: "The provider [providername] was not found". Please help in this regard.

UPDATE 1: Please find the web.config code, where the appSettings needs to be encrypted:

<connectionStrings>
  <add name="DBConnectionString" connectionString="xxxxxx" providerName="System.Data.SqlClient" />   
</connectionStrings>
<appSettings>
  <add key="abc" value="val" />
  <add key="def" value="val1" />
  <add key="xde" value="val2" />
  <add key="ldf" value="val3" />
</appSettings>
<system.web>
  <authentication mode="None" />
  <compilation debug="true" targetFramework="4.5.2" />
  <httpRuntime targetFramework="4.5.2" />
</system.web>

Upvotes: 2

Views: 1460

Answers (1)

KriZ

Reputation: 682

1) Launch the Developer Command Prompt for VS as an ADMIN, go to the root of the application you want to encrypt, and create your own set of keys, e.g. My_key

C:\inetpub\wwwroot> aspnet_regiis -pc "My_key"  -exp
Microsoft (R) ASP.NET RegIIS version 4.0.30319.0
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation.  All rights reserved.
Creating RSA Key container...
Succeeded!

2) Add access for the NT Authority service - as the Webserver is running under this authority

C:\inetpub\wwwroot>aspnet_regiis -pa "My_key" "NT AUTHORITY\NETWORK SERVICE"
Microsoft (R) ASP.NET RegIIS version 4.0.30319.0
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation.  All rights reserved.
Adding ACL for access to the RSA Key container...
Succeeded!

3) Add a provider called e.g. "My_Provider" to the web.config, specifying the keys created in step 1 (My_key), under the section.

  <configProtectedData>
    <providers>
      <add name="My_Provider"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
           keyContainerName="My_key"
           useMachineContainer="true" />
    </providers>
  </configProtectedData>

--> Make sure you launch your VS Developer prompt with full admin rights; if not, you'll get the error.

Step 4) Encrypt the connection strings now, specifying the provider called

 C:\inetpub\wwwroot>aspnet_regiis -pe "connectionStrings"  -prov "My_Provider"
Microsoft (R) ASP.NET RegIIS version 4.0.30319.0
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation.  All rights reserved.
Encrypting configuration section...
The protection provider 'MY_Provider' was not found.
Failed!

I had the error because my CMD prompt wasn't launched with full admin. Also, when having more than one application in wwwroot, you'll have to specify which application to encrypt using the -app "/application1" parameter.

From here on, it's a matter of exporting the keys to an XML file, importing them on your DEV/UAT/PROD servers, and then deleting the XML file on the servers again.

Upvotes: 0
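
The key export/import step that the answer describes only in words, together with the ACL grant and the appSettings encryption the question asks about, as an added PowerShell example (not part of the original answer). The `-px`, `-pi` and `-pef` switches are aspnet_regiis options that do not appear on the page; the Framework64 tool path, the `C:\Temp\My_key.xml` transfer file and the parameter names are assumptions.

```powershell
# Added example (not from the answer). Run elevated on each machine.
param(
    [Parameter(Mandatory)][ValidateSet('Export', 'Import')][string]$Mode,
    [string]$Container = 'My_key',                        # container from step 1
    [string]$Provider  = 'My_Provider',                   # provider from step 3
    [string]$Account   = 'NT AUTHORITY\NETWORK SERVICE',  # identity from step 2
    [string]$KeyFile   = 'C:\Temp\My_key.xml',            # assumed transfer file
    [string]$SiteDir   = 'C:\inetpub\wwwroot'             # folder holding web.config
)
$ErrorActionPreference = 'Stop'
# Assumed install path of the 64-bit .NET 4 tool; adjust for Framework (32-bit).
$regiis = Join-Path $env:WINDIR 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'

# The answer attributes its "provider was not found" failure to a non-elevated prompt.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start this shell with "Run as administrator".'
}

function Invoke-RegIis {
    # Run aspnet_regiis, echo its output, stop on a non-zero exit or "Failed!".
    $out = & $regiis @args
    $out | ForEach-Object { Write-Host $_ }
    if ($LASTEXITCODE -ne 0 -or ($out -match 'Failed!')) {
        throw "aspnet_regiis $($args -join ' ') did not succeed."
    }
}

if ($Mode -eq 'Export') {
    # -pri writes the private key too; the container must have been made with -exp.
    Invoke-RegIis '-px' $Container $KeyFile '-pri'
    Write-Host "Move $KeyFile over a protected channel, then delete it here."
}
else {
    Invoke-RegIis '-pi' $Container $KeyFile         # import the key pair
    Remove-Item -LiteralPath $KeyFile -Force        # key file is no longer needed
    Invoke-RegIis '-pa' $Container $Account         # let the worker process read it
    # -pef encrypts a section of the web.config found in a physical folder.
    Invoke-RegIis '-pef' 'appSettings' $SiteDir '-prov' $Provider
}
```

The exported XML holds the RSA private key, so anyone who obtains it can decrypt every config section protected with this container. Treat it like the secrets it protects while it is in transit and confirm it is gone from both machines afterwards.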
