Important note: Web.config encryption only works with ASP.NET 2.0 or later.
ASP.NET 2.0 or later allows you to encrypt certain sections of the web.config; for example, the connectionStrings section. One encryption method is to use RSA keys. You can use the global machine-generated RSA key, but this is relatively insecure since everyone on the server has access to this key. The only secure solution is to use your own RSA keys, which only your website has permission to access.
You can generate RSA keys using the aspnet_regiis.exe tool that comes with the .NET framework. Run these commands on your local computer:
1. Create the RSA keys. Replace the "username" part of the NetFrameworkConfigurationKey_username with your hosting account username.
C:\WINDOWS\Microsoft.NET\Framework\[.NET Framework version]\aspnet_regiis.exe -pc "NetFrameworkConfigurationKey_username" -exp
2. Export RSA keys. Replace the "username" part of NetFrameworkConfigurationKey_username with your hosting account username. This will export the public/private keypair to an XML file on your C drive.
C:\WINDOWS\Microsoft.NET\Framework\[.NET Framework version]\aspnet_regiis.exe -px "NetFrameworkConfigurationKey_username" "C:\NetFrameworkConfigurationKey_username.xml" -pri
Please upload your RSA .xml file to your root directory, then contact the DiscountASP.NET support team to get the RSA keypair installed on your webserver. We will install it in the webserver's LOCAL_MACHINE\My keystore with the appropriate access permissions for your site's ASPNET user. Make note of the NetFrameworkConfigurationKey_username container name, which you will have to use in your application for encryption/decryption.
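The following web.config fragment is an added example, not part of the original article, showing how the container name is referenced from a protected-configuration provider. The provider name "CustomRsaProvider", the sample connection string and the site path in the comment are assumptions; replace "username" as in the steps above.

```xml
<!-- Added example. Register an RSA provider bound to your own key container,
     then encrypt the section locally with (site path is a placeholder):
       aspnet_regiis.exe -pef "connectionStrings" "C:\path\to\site" -prov "CustomRsaProvider"
     ASP.NET decrypts the section at run time with the same container
     once the key pair is installed on the webserver. -->
<configuration>
  <configProtectedData>
    <providers>
      <!-- keyContainerName must match the name used with -pc and -px.
           useMachineContainer="true" selects the machine-level key store. -->
      <add name="CustomRsaProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           keyContainerName="NetFrameworkConfigurationKey_username"
           useMachineContainer="true" />
    </providers>
  </configProtectedData>

  <!-- Constructed sample section; after encryption its contents are replaced
       by an EncryptedData element and a configProtectionProvider attribute. -->
  <connectionStrings>
    <add name="SampleDb"
         connectionString="Server=PLACEHOLDER;Database=PLACEHOLDER;User Id=PLACEHOLDER;Password=PLACEHOLDER" />
  </connectionStrings>
</configuration>
```

The file exported with -pri holds the private key, so delete the copies on your C drive and in the site root once the key pair has been installed.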
For more information, see this Knowledge Base article.
Article ID: 335, Created On: 11/24/2008, Modified: 4/13/2010