WebConfig Encryption

Question

WebConfig Encryption

I have a web application that I publish to three web servers using the "publish" parameter.

I want to encrypt the connectionstrings section of the web configuration file. The command below will do this:

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" c:\inetpub\application

However, I have to use RDP (Remote Desktop) for each server and run a command on each server, since you cannot run it like this (from a client PC):

\ servername \ c $ \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ aspnet_regiis.exe -pef "connectionStrings" \ servername \ c $ \ inetpub \ application

Is there a better way to do this: perhaps:

1) Run the command line on the server after publishing. 2) Use build in Visual Studio, which allows you to execute a batch file after publishing is complete

+6

asp.net

w0051977 Feb 12 '13 at 17:21

source share

3 answers

Aussierob · Answer 1 · 2013-05-24T05:08:27+0000

Encrypt the connectionStrings section of your web.config on your server, and then add this encrypted section to your web file. [CONFIGURATION_FOR_SERVER] .config. The key is the first line that says replacing the connectionStrings part of your original web.config with this new encrypted value. You will need a new conversion file for each server you publish to. Visual Studio will raise a warning (not an error), i.e.

 Warning 15 The element 'connectionStrings' has invalid child element 'EncryptedData' in namespace 'http://www.w3.org/2001/04/xmlenc#'. List of possible elements expected: 'add, remove, clear'. C:\DevTFS\YourProject\Web.Stage.config 14 6 YourProject

about the format of this conversion file - I did not find the correct syntax to get around this, so I am open to suggestions, but it still works, so I'm happy. Full blog entry on this subject: http://randomdotnetnuggets.blogspot.com.au/2013/05/publishing-encrypted-connection-strings.html

 <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider" xdt:Transform="Replace"> <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>Rsa Key</KeyName> </KeyInfo> <CipherData> <CipherValue>t8p7aOZTjMo...zE6FAAI=</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> <CipherValue>Vy1TZWY8....ic+Qg6T7U</CipherValue> </CipherData> </EncryptedData>

Ray cheng · Answer 2 · 2013-02-18T06:42:20+0000

If Integrated Security is not an option, I offer you MS Web Deploy .

When you create a deployment package with Visual Studio 2012, you will get the zip file and script command line files. You can modify this script file to encrypt your web.config or minimize your own script package or powershell script.

Karl Gjertsen · Answer 3 · 2015-11-10T14:19:59+0000

This is an old question, but this answer may help someone.

In a load-balanced scenario or web farm, you can encrypt the file once and copy web.config to other machines. However, for this you need to use the same machine key for each website.

https://msdn.microsoft.com/en-us/library/dtkwfdky.aspx

Hope this helps anyone looking for this.

WebConfig Encryption

More articles: