Protect (encrypt) password in web.config file (asp.net)

Question

Protect (encrypt) password in web.config file (asp.net)

<system.net> <mailSettings> <smtp from=" email@domain.com " deliveryMethod="Network"> <network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" email@domain.com " password="password" enableSsl="true" /> </smtp> </mailSettings> </system.net>

This is the case when I need encryption for my password. I searched and searched a lot on the Internet, but I can no longer encrypt.

Can anyone help me do this in a simple but safe way.

+7

asp.net

Muaz khan Dec 24 '10 at 9:50

source share

3 answers

This is another way to encrypt and decrypt the coonection string, if you are using vs2010, then open vs2010, run it as administrator

 string provider = "RSAProtectedConfigurationProvider"; string section = "connectionStrings"; protected void btnEncrypt_Click(object sender, EventArgs e) { Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection configSect = confg.GetSection(section); if (configSect != null) { configSect.SectionInformation.ProtectSection(provider); confg.Save(); } } protected void btnDecrypt_Click(object sender, EventArgs e) { Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection configSect = config.GetSection(section); if (configSect.SectionInformation.IsProtected) { configSect.SectionInformation.UnprotectSection(); config.Save(); } }

+3

lucky one May 08 '12 at 11:29

source share

Here's a thread on ASP.NET forums that has brainstorming, and provide some possible solutions:

How to encrypt SMTP Node in web.config

+1

decyclone Dec 24 '10 at 9:54

source share

Philippe · Accepted Answer · 2010-12-24T10:11:02+0000

I wrote an article about this on my blog: http://pvlerick.imtqy.com/2009/03/encrypt-appconfig-section-using-powershell-as-a-post-build-event

My idea was that you want the password to be cleared in the IDE, but encrypted in the output folder web.config / app.config.

script -

 param( [String] $appPath = $(throw "Application exe file path is mandatory"), [String] $sectionName = $(throw "Configuration section is mandatory"), [String] $dataProtectionProvider = "DataProtectionConfigurationProvider" ) #The System.Configuration assembly must be loaded $configurationAssembly = "System.Configuration, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a" [void] [Reflection.Assembly]::Load($configurationAssembly) Write-Host "Encrypting configuration section..." $configuration = [System.Configuration.ConfigurationManager]::OpenExeConfiguration($appPath) $section = $configuration.GetSection($sectionName) if (-not $section.SectionInformation.IsProtected) { $section.SectionInformation.ProtectSection($dataProtectionProvider); $section.SectionInformation.ForceSave = [System.Boolean]::True; $configuration.Save([System.Configuration.ConfigurationSaveMode]::Modified); } Write-Host "Succeeded!"

Post-build command

 powershell "& ""C:\Documents and Settings\VlericP\My Documents\WindowsPowerShell\EncryptAppConfigSection.ps1""" '$(TargetPath)' 'connectionStrings'

Protect (encrypt) password in web.config file (asp.net)

More articles: