In a .NET 4.0 website, which web.config sections can be encrypted? I read that not all sections can be encrypted, but I can't find anything detailing which sections can.
From the MSDN docs , it's clear that one can encrypt and decrypt a web.config
section using the Aspnet_regiis.exe
tool with the –pe
option and the name of the configuration element to be encrypted as long as the section is not one of these ones:
The following is a list of configuration sections that cannot be encrypted using protected configuration: processModel, runtime, mscorlib, startup, system.runtime.remoting, configProtectedData, satelliteassemblies, cryptographySettings, cryptoNameMapping, and cryptoClasses . It is recommended that you use other means of encrypting sensitive information, such as the ASP.NET Set Registry console application (Aspnet_setreg.exe) tool, to protect sensitive information in these configuration sections.
Here's what you need to encrypt all other possible sections:
Encrypting and Decrypting Configuration Sections
Walkthrough: Encrypting Configuration Information Using Protected Configuration
To Encrypt
go to below directory in command prompt C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319>
aspnet_regiis -pe "connectionStrings" -app "/ShopAPI"
aspnet_regiis -pd "connectionStrings" -app "/ShopAPI"
Configuration files such as the Web.config
file are often used to hold sensitive information, including user names , passwords , db connection strings , and encryption keys .That's why we should always keep those sensitive sections in encrypted form.
Sections you can encrypt :
<appSettings>
<connectionStrings>
<identity>
<sessionState>
Sections you can't encrypt :
<processModel>
<runtime>
<mscorlib>
<startup>
<system.runtime.remoting>
<configProtectedData>
<satelliteassemblies>
<cryptographySettings>
<cryptoNameMapping>
Remember : Encrypting and decrypting data incurs performance overhead. To keep this overhead to a minimum, encrypt only the sections of your configuration file that store sensitive data.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.