RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX

Tip of the Day
Language: .NET
Expertise: Intermediate
Jul 14, 2009

Encrypt and Decrypt Configuration File Sections from a Command Line

You may find that you need to encrypt some sections of configuration files (such as Web.config) to protect sensitive information. Yet you may also need to decrypt that information to debug a running application.

You can do that in .NET 2.0 and higher using the aspnet_regiis.exe command-line utility. The utility supports two kinds of encryption methods or providers: the Windows Data Protection API (DPAPI) provider or the RSA provider. The RSA provider is the default.

For example, to encrypt the connectionStrings section in a Web.config file, open a command prompt and enter the following on a single line (substituting the appropriate path for the one shown in the example):

aspnet_regiis.exe -pef "connectionStrings" 
   prov "RSAProtectedConfigurationProvider"

To decrypt the same section, use:

aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\YourWebSite"
Note that you can't encrypt "section groups" such as <system.net> or <mailSettings>;you may encrypt only "sections"—and there are restrictions on those as well. For example, sections that you may not encrypt include <configProtectedData>, <processModel>, and <httpRuntime>, because the ASP.NET/ISAPI engine needs access to them.
Deepak Choudhari
Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date