We can encrypt configuration sections by using one of two built-in providers: the DPAPI (Windows Data Protection API) provider or the RSA provider. The RSA provider (default) uses an RSA key which holds public and private keys, whereas the DPAPI provider uses a built-in machine-specific key. Let us explore the steps required to encrypt the sections using RSA.
There are two methods for encrypting and decrypting the web.config file: one uses the ASP.NET command-line tool, and the other is done programmatically.
Method # 1:
Encryption
ASP.NET 2.0 provides built-in functionality to encrypt a few sections of the web.config file. The task can be completed using Aspnet_regiis.exe. Below is the web.config file and
This method of encrypting and decrypting web.config does not involve any code; instead it is based on the command-line tool aspnet_regiis. This tool can be found in the %windows%\Microsoft.NET\Framework\versionNumber folder, or can be run directly from the Visual Studio command prompt.
aspnet_regiis.exe -pef "connectionStrings" C:\Projects\DemoApplication
-pef indicates that the application is built as a File System website. The second argument is the name of the configuration section that needs to be encrypted. The third argument is the physical path where the web.config file is located. If you are using an IIS-based web site, the command will be:
aspnet_regiis.exe -pe "connectionStrings" -app "/DemoApplication"
-pe indicates that the application is built as an IIS-based site. The second argument is the name of the configuration section that needs to be encrypted. The third argument, "-app", indicates a virtual directory, and the last argument is the name of the virtual directory where the application is deployed. If everything goes well you will receive the message "Encrypting configuration section…Succeeded!" Open your web.config file and you can see that the connection string is encrypted, and it looks like this.
Decryption:
Now, to decrypt the configuration section in the web.config file, use the following command. For a File System application:
aspnet_regiis.exe -pdf "connectionStrings" C:\Projects\DemoApplication
For an IIS-based application:
aspnet_regiis.exe -pd "connectionStrings" -app "/DemoApplication"
To encrypt a nested section in the web.config file, use a command like:
aspnet_regiis.exe -pef "system.web/pages" C:\Projects\DemoApplication
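Added example (not part of the original post): a Python check that reads a web.config and reports whether the sections the commands above were run against are actually stored encrypted, that is, whether each carries the configProtectionProvider attribute and an EncryptedData element. The sample file, the function names and the list of required sections are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config: connectionStrings has been protected,
# appSettings and system.web/pages have not. CipherValue is a placeholder.
SAMPLE_WEB_CONFIG = """
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="SmtpPassword" value="constructed-sample-value" />
  </appSettings>
  <system.web>
    <pages validateRequest="true" />
  </system.web>
</configuration>
"""

def _local(tag):
    """Strip an XML namespace such as {http://www.w3.org/2001/04/xmlenc#}."""
    return tag.rsplit("}", 1)[-1]

def section_status(root, path):
    """Return 'encrypted', 'plaintext', 'inconsistent' or 'missing' for a section path."""
    node = root
    for part in path.split("/"):  # nested sections, e.g. system.web/pages
        node = next((c for c in node if _local(c.tag) == part), None)
        if node is None:
            return "missing"
    has_provider = "configProtectionProvider" in node.attrib
    has_blob = any(_local(c.tag) == "EncryptedData" for c in node)
    if has_provider and has_blob:
        return "encrypted"
    # Only one of the two markers is present: not a valid protected section.
    return "inconsistent" if (has_provider or has_blob) else "plaintext"

def audit(xml_text, required_sections):
    """Map each required section path to its protection status."""
    root = ET.fromstring(xml_text.strip())
    return {path: section_status(root, path) for path in required_sections}

def unprotected(xml_text, required_sections):
    """Sections that exist but are not stored encrypted; a deploy check can fail on any."""
    report = audit(xml_text, required_sections)
    return sorted(p for p, s in report.items() if s in ("plaintext", "inconsistent"))
```

Section names are matched case-sensitively, as they appear in the file, and a section reported as missing is left for the caller to decide on.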
Method # 2:
Step 1: Open Visual Studio > File > WebSite > Select the language (C# or Visual Basic) and location to create a new ASP.NET website.
Step 2: Now add a web.config file to the project. Right click the project > Add New Item > Web Configuration File.
Open the web.config and add the following sample entries in the file between the
Step 3: Now add two buttons to the page, called btnEncrypt and btnDecrypt. We will use these buttons to encrypt and decrypt the sections of the web.config file. Add the following code in the button click event of the two buttons:
C#
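// Required at the top of the code-behind file:
using System;
using System.Configuration;
using System.Web.Configuration;

string provider = "RSAProtectedConfigurationProvider";
string section = "connectionStrings";

protected void btnEncrypt_Click(object sender, EventArgs e)
{
    try
    {
        // Open this application's web.config for editing.
        Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection confStrSect = confg.GetSection(section);
        if (confStrSect != null)
        {
            // Mark the section for protection and write the file back.
            confStrSect.SectionInformation.ProtectSection(provider);
            confg.Save();
        }
        // the encrypted section is automatically decrypted!!
        // Demo only: do not echo connection strings in a real page.
        Response.Write("Configuration Section " + WebConfigurationManager.ConnectionStrings["MyConnString"].ConnectionString + " is automatically decrypted");
    }
    catch (Exception ex)
    {
        // Record the failure instead of silently swallowing it.
        Trace.Warn("config", "Encrypting the section failed", ex);
    }
}

protected void btnDecrypt_Click(object sender, EventArgs e)
{
    try
    {
        Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection confStrSect = confg.GetSection(section);
        // Only unprotect a section that is currently encrypted.
        if (confStrSect != null && confStrSect.SectionInformation.IsProtected)
        {
            confStrSect.SectionInformation.UnprotectSection();
            confg.Save();
        }
    }
    catch (Exception ex)
    {
        // Record the failure instead of silently swallowing it.
        Trace.Warn("config", "Decrypting the section failed", ex);
    }
}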
VB.NET
' Required at the top of the code-behind file:
Imports System
Imports System.Configuration
Imports System.Web.Configuration

Private provider As String = "RSAProtectedConfigurationProvider"
Private section As String = "connectionStrings"

Protected Sub btnEncrypt_Click(ByVal sender As Object, ByVal e As EventArgs)
    Try
        ' Open this application's web.config for editing.
        Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confStrSect As ConfigurationSection = confg.GetSection(section)
        If Not confStrSect Is Nothing Then
            ' Mark the section for protection and write the file back.
            confStrSect.SectionInformation.ProtectSection(provider)
            confg.Save()
        End If
        ' the encrypted section is automatically decrypted!!
        ' Demo only: do not echo connection strings in a real page.
        Response.Write("Configuration Section " & WebConfigurationManager.ConnectionStrings("MyConnString").ConnectionString & " is automatically decrypted")
    Catch ex As Exception
        ' Record the failure instead of silently swallowing it.
        Trace.Warn("config", "Encrypting the section failed", ex)
    End Try
End Sub

Protected Sub btnDecrypt_Click(ByVal sender As Object, ByVal e As EventArgs)
    Try
        Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confStrSect As ConfigurationSection = confg.GetSection(section)
        ' Only unprotect a section that is currently encrypted.
        If Not confStrSect Is Nothing AndAlso confStrSect.SectionInformation.IsProtected Then
            confStrSect.SectionInformation.UnprotectSection()
            confg.Save()
        End If
    Catch ex As Exception
        ' Record the failure instead of silently swallowing it.
        Trace.Warn("config", "Decrypting the section failed", ex)
    End Try
End Sub
In the code above, we open the web.config file as a System.Configuration.Configuration object using the specified virtual path. We then call GetSection() to retrieve the specified ConfigurationSection object, in our case connectionStrings. The ConfigurationSection.SectionInformation property gets us the SectionInformation object, and we finally call the ProtectSection() method on the SectionInformation object to mark the section for protection.
Similarly, while decrypting the section, we call the UnprotectSection() method of the SectionInformation object.
Step 4: Now run the application and click on the Encrypt button. Now close the application > Open the web.config file. You will observe that the
Note: If you are running this application from the file system, when you close the application, Visual Studio will display a dialog with the message "The file has been modified outside the editor. Do you want to reload it?" Click Yes and then view the web.config.
Step 5: Run the application again and now click on the Decrypt button. You will observe that the
To encrypt these sections you needed to use the Aspnet_setreg.exe tool.