WinBlogs

Some techy stuff and occasional verbose ramblings :D

IIS server, Servers, Windows and Powershell

Encrypt your web.config file

Recently, I had a request from a customer, where he wanted to encrypt his web.config file ( wee, a part of it ). Since he didnt know how to do it by himself, he asked us to do it.

Basically, the procedure is very simple.

First, open IIS manager and find the web site you want to encrypt. Got it? Great, when you’re there, look at the site ID, write it somewhere.

 

Then, run command prompt ( as administrator ) and position yourself in the :

C:\Windows\Framework\v4.0.30319\

In case your application is running in .NET 2, position yourself in the V2.0.xxxx folder.

Type in the following command:

aspnet_regiis -pe “connectionStrings” ” -site “IDnumber”

What will this command do?

It will encrypt the connection string part of the web.config file, so it cannot be read in some text editor; ofcourse, your web server will still be able to read the connection string from the file, dont worry 🙂

BUT WHAT IF I HAVE A VIRTUAL DIRECTOY, AND I WANT TO ENCRYPT THAT web.config FILE?

No problem at all, just use this command:

aspnet_regiis -pe “connectionStrings” -app “/YOURVIRTUALFOLDER” -site “IDnumber”

Notice that I added a “-app “/YOURVIRTUALFOLDER” part to the command.

 

Thats all for today 😀 Stay smart and bright! 😀 Bye bye!

2 Comments

  1. What if i am on shared hosting and i want to encrypt my web.config from my development machine and then deploy it.??
    Is there any option to implement this?

  2. Alesandro Slepčević

    Hi, I’m sorry for the delay. Your hoster should do the encrypting.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Theme by Anders Norén