Encrypting Particular Section in a Web.config
This is to share about Encrypting any particular section in a web.config file.
Normally, we are to store our global variables, connectionstrings and static variables in web.config. But they are easily exposed in order to make it secure you can encrypt any particular section you want. Kindly find the below snippet and share your thoughts
Encrypting appsettings section in a config file in .NET 2.0
private void EncryptWebSections()
{
Configuration myConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
AppSettingsSection objSection=
(AppSettingsSection)myConfig.GetSection("appSettings");
if (!objSection.SectionInformation.IsProtected)
{
objSection.SectionInformation.ProtectSection(
"RsaProtectedConfigurationProvider");
objSection.SectionInformation.ForceSave = true;
myConfig.Save(ConfigurationSaveMode.Modified);
}
}
In 2.0 we dont need to decrypt the section at the runtime. Microsoft Framework 2.0 will decrypt the section in built.
In order to decrypt, replace the objSection.SectionInformation.ProtectSection with objSection.SectionInformation.UnProtectSection(
"RsaProtectedConfigurationProvider");
and your section will get decrypt and get saved.
Regards
Prakash A