Use the command line tool aspnet_regiis.exe
You can also use the aspnet_regiis.exe command line tool, found in the "%WINDOWSDIR%\\Framework\version" directory, to encrypt and decrypt a configuration section of the file. To encrypt a section, the tool can use the DPAPI machine key, as shown below:
General forms for encrypting the file of a specific website:
aspnet_regiis.exe -pef section physical_directory -prov provider
or:
aspnet_regiis.exe -pe section -app virtual_directory -prov provider
Specific examples of encrypting files for a specific website:
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" -prov "DataProtectionConfigurationProvider"
or:
aspnet_regiis.exe -pe "connectionStrings" -app "/MySite" -prov "DataProtectionConfigurationProvider"
General forms for decrypting the file of a specific website:
aspnet_regiis.exe -pdf section physical_directory
or:
aspnet_regiis.exe -pd section -app virtual_directory
Specific examples of decrypting files from a specific website:
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MySite"
or:
You can also specify that the encryption/decryption of the file is performed by aspnet_regiis.exe.
【Tip】Configuration settings in the encrypted version
To protect configuration settings in the version, developers need to encrypt sensitive settings and store them in the web server's registry under a "strong" key. Instead of holding the encrypted content itself (as in 2.0), the configuration file contains a reference to the registry key that stores the encrypted value. For example:
<identity impersonate="true"
userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName"
password="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password" />
Microsoft provides developers with the aspnet_setreg.exe command line tool to encrypt sensitive configuration information and move it to a "strong" registry entry. Unfortunately, this tool works only for specific configuration settings; by contrast, 2.0 allows encryption of any configuration section.
For more information about using aspnet_setreg.exe in an application, please refer to KB#32990 in MSDN. Because the tool handles only predefined sections, it cannot encrypt database connection strings or other sensitive information you added yourself.
Example (the -pdf switch shown here decrypts the section; use -pef to encrypt it). The site path contains a space, so it must be quoted:
C:\WINDOWS\\Framework\v2.0.50727\aspnet_regiis -pdf "connectionStrings" "I:\Code Repository\wt_Projects\WebSites\WebSite"
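To confirm the result of the commands above, the following sketch classifies a configuration section as plaintext or protected and lists values stored as registry: references. It is an added example, not code from the original page; the sample files, the PLACEHOLDER ciphertext and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the page): a section before and after a
# protect operation such as "aspnet_regiis.exe -pef".
PLAIN = r"""<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db;User Id=app;Password=example" />
  </connectionStrings>
</configuration>"""

PROTECTED = r"""<configuration>
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData></EncryptedData>
  </connectionStrings>
  <system.web>
    <identity impersonate="true"
      userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName"
      password="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password" />
  </system.web>
</configuration>"""

def local(tag):
    """Strip an XML namespace, since EncryptedData may carry an xmlns."""
    return tag.rsplit("}", 1)[-1]

def section_state(config_xml, section="connectionStrings"):
    """Return 'missing', 'plaintext', 'protected' or 'inconsistent'."""
    root = ET.fromstring(config_xml)
    node = next((e for e in root.iter() if local(e.tag) == section), None)
    if node is None:
        return "missing"
    provider = node.get("configProtectionProvider")
    children = [local(c.tag) for c in node]
    if provider and children == ["EncryptedData"]:
        return "protected"
    if not provider and "EncryptedData" not in children:
        return "plaintext"
    return "inconsistent"  # attribute and payload disagree (half-edited file)

def registry_references(config_xml):
    """List (element, attribute, registry key) for 'registry:' pointers."""
    found = []
    for e in ET.fromstring(config_xml).iter():
        for attr, value in e.attrib.items():
            if value.startswith("registry:"):
                key = value[len("registry:"):].split(",")[0]
                found.append((local(e.tag), attr, key))
    return found
```

A "plaintext" result for connectionStrings on a deployed site means the encrypt step was skipped or later reverted with -pdf or -pd.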