CODEWITHSUNDEEP
asp.netweb-config
Manoj Singh
Manoj Singh

Reputation: 7707

How to encrypt username and password in Web.config in C# 2.0

I have the entries below in my Web.config and I am using .NET 2.0 and C# for coding.

 <add key="userName" value="s752549"/>
 <add key="userPassword" value="Delhi@007"/>

Now I want this to be encrypted so that nobody can see it, and also these passwords may change frequently (every fifteen days).

Upvotes: 16

Views: 43281

Answers (4)

Raghu
Raghu

Reputation: 1443

You can Protect / Unprotect entire config sections in .NET.

For more info see http://www.codeproject.com/Articles/38188/Encrypt-Your-Web-config-Please.aspx

Upvotes: 3

ewitkows
ewitkows

Reputation: 3618

Just wanted to add to this, the marked answer was 99% complete, but it didn't provide how to specify the location of the web config. Rather than root around the internet, thought I'd just post the complete command. As such, here is the command I executed

C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pef "secureAppSettings" "C:\MyLocalPublishDirectory\MyApp" -prov DataProtectionConfigurationProvider

Upvotes: 14

Saurabh
Saurabh

Reputation: 5727

You could put the username and password into a separate section and encrypt this section only. For example:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <configSections>
        <section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    </configSections>

    <appSettings>
        <add key="Host" value="www.foo.com" />
        <add key="Token" value="qwerqwre" />
        <add key="AccountId" value="123" />
        <add key="DepartmentId" value="456" />
        <add key="SessionEmail" value="[email protected]" />
        <add key="DefaultFolder" value="789" />  
    </appSettings>

    <secureAppSettings>
        <add key="userName" value="s752549"/>
        <add key="userPassword" value="Delhi@007"/>

    </secureAppSettings>  
</configuration>

and then use aspnet_regiis

For Ex: 
aspnet_regiis -pef secureAppSettings . -prov DataProtectionConfigurationProvider

Upvotes: 13

Mike Miller
Mike Miller

Reputation: 16575

you could use aspnet_regiis, see http://msdn.microsoft.com/en-us/library/zhhddkxy(v=VS.80).aspx

Upvotes: 1

Related Questions