Protect sensitive data in your configuration files
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Protect the sensitive data, such as SQL connection strings, in your configuration files by encrypting it. The sections that usually contain sensitive information include <appSettings>, <connectionStrings>, <identity>, and <sessionState>.
Connection strings contain sensitive resource access credentials such as user names, passwords and server names. Connection strings stored in plaintext are dangerous, because an attacker that can compromise a server will be able to read those connection strings.
Even if a machine is not compromised, connection strings stored in plain text are accessible to administrators and any other users with sufficient privileges on the host machine and/or Windows domain.
Use DPAPI to encrypt the sensitive data in the configuration file on your WCF server machine. To encrypt the <connectionStrings> section by using the DPAPI provider with the machine-key store (the default configuration), run the following command from
a command window:
aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider"
- -pe: Specifies the configuration section to encrypt.
- -app: Specifies your Web application's virtual path. If your application is nested, you need to specify the nested path from the root directory; for example, "/test/aspnet/MachineDPAPI".
- -prov: Specifies the provider name.
If you need to encrypt configuration file data on multiple servers in a Web farm, use the RSA protected configuration provider because of the ease with which you can export RSA key containers.