加密、解密web.config文件（针对某些要加密的字段加密、解密）

1. Description:

The we put user name and password directly in web.config. if the hacker attacked the web site, these important information will be unsafe. So we should encrypt important information to keep mind. Even the hacker attacked the web site, we can stop it to affect our database any more.

 

2. What we need to do is:

Before encrypted：

<connectionStrings>   <add name="Pubs" connectionString="Server=localhost;Integrated Security=True;Database=Pubs"     providerName="System.Data.SqlClient" />   <add name="Northwind" connectionString="Server=localhost;Integrated Security=True;Database=Northwind"     providerName="System.Data.SqlClient" /> </connectionStrings>

 

What we need to do：

<connectionStrings>   <EncryptedData>     <CipherData>       <CipherValue>AQAAANCMndjHoAw...</CipherValue>     </CipherData>   </EncryptedData> </connectionStrings>

 

3. Methods:

There are two different ways to fulfill this:

3.1. Use default RSA secret key container.
3.2. Custom our own RSA secret key container, but in this way, we need to set access privileges.

 

4. Steps

4.1 First, let’s do default setting.

 4.1.1.  Open one notepad, and copy this code in it and save it.

<%@ Page Language="C#" %> <% Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name); %>

Save it as “my.aspx” into your web site and run it. It will shows “ NT AUTHORITY/NETWORK SERVICE ”

 4.1.2.  (Key) run “cmd”, and execute these orders:

cd %windows%/Microsoft.NET/Framework/versionNumber aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITYNETWORK SERVICE"

Description:

NetFrameworkConfigurationKey is RsaProtectedConfigurationProvider’s default provider key。

4.1.3. Now, let’s encrypt web.config, run:

aspnet_regiis -pe "connectionStrings" -app "/Myweb"

 

Description:

"connectionStrings" is what we want to encrypt，"/Myweb" is web site path.      
                  

Decrypt：

aspnet_regiis -pd "connectionStrings" -app "/Myweb"

4.1.4. Then you can use it in your code without decrypting:

...     string connstr= ConfigurationManager.ConnectionStrings["myConnstr"].ConnectionString.ToString();     ...

 

4.2 Of course, we can custom our own RSA secret key container.

 4.2.1.  Create our own secret key container “MyKeys”, run:

aspnet_regiis -pc "MyKeys" -exp

4.2.2. In web.config, put these code in it:

<protectedData>         <providers>          <add name="MyProvider"               type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0. 0.0,                     Culture=neutral, PublicKeyToken=b03f5f7f11d0a3a,                     processorArchitecture=MSIL"               keyContainerName="MyKeys"               useMachineContainer="true" />         </providers>       </protectedData>

To identify the provider which it is.

4.2.3. This is different with default secret key container; we need to set access privilege for our own customed provider.

aspnet_regiis -pa "MyKeys" "NT AUTHORITYNETWORK SERVICE"

 

 4.2.4. Now, you can encrypt your web.config:

Encrypt:

aspnet_regiis -pe "connectionStrings" -app "/Myweb" -prov "MyProvider"

Description:

"connectionStrings" is what we want to encrypt，"/Myweb" is web site path. "MyProvider" is our own customed container.

Decrypt:

aspnet_regiis -pd "connectionStrings" -app "/Myweb" -prov "MyProvider"