This project is read-only.

Encrypt configuration sections that contain sensitive data

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Encrypt configuration sections that contain sensitive data such as SQL connection strings. The sections that usually contain sensitive information include <appSettings>, <connectionStrings>, <identity>, and <sessionState>. Use DPAPI to encrypt the sensitive data in the configuration file on your WCF server machine.

To encrypt the <connectionStrings> section by using the DPAPI provider with the machine-key store (the default configuration), run the following command from a command window:
aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider"
  • -pe: Specifies the configuration section to encrypt.
  • -app: Specifies your Web application's virtual path. If your application is nested, you need to specify the nested path from the root directory; for example, "/test/aspnet/MachineDPAPI".
  • -prov: Specifies the provider name.
If you need to encrypt configuration file data on multiple servers in a Web farm, use the RSA protected configuration provider because of the ease with which you can export RSA key containers.

Additional Resources

Last edited Apr 24, 2008 at 12:47 AM by prashantbansode, version 2


No comments yet.