.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Encrypting sections of Web.Config

Posted By:      Posted Date: September 09, 2010    Points: 0   Category :.NET Framework
I have a websever running IIs 6.0 and the .Net 2.0 framework. I'm trying to encrypt sections of a web.config file on one of the websites that I host on this server. I have about 20 different websites each with their own IP address. From several MSDN docs and posts here and there I've learned that I can use the aspnet_regiis command to encrypt certain sections of my web.config. I'd like to encrypt the sections that contain passwords - such as the connectionStrings and the mailSettings. (I'm trying to implement the new Membership classes and the login control). My problem is that the documentation I have says a couple of things that I'm not sure how to do. 1. In one place in the MSDN doc ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp ) it says: To encrypt the connectionStrings section, run the following command from a .NET command prompt: aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider" The above command with the -app switch assumes that there is an IIS virtual directory called MachineDPAPI. If you are using the Visual Studio .NET 2005 Web server instead of IIS, use the -pef switch, which allows you to specify the physical directory location of your configuration file. The -pe switch specifies the configuration section to encrypt. The -pef switch specifies

View Complete Post

More Related Resource Links

Encrypting/Decrypting web.config sections in ASP.Net

The article Encrypting/Decrypting web.config sections in ASP.Net was added by ujjwaladatta on Thursday, August 26, 2010.

Encrypting/Decrypting web.config sections in ASP.Net using System.Configuration; using System.Web.Configuration; public partial class _Default : System.Web.UI.Page { protected void Encripting_Click(object sender, EventArgs e) { EncriptSection("appSettings"

Encrypting Sections of the Web.config File

Hello,I have a problem with config section encryption.In Web.config I added protectedData section and I'd like to encrypt network section cos' it contains password<protectedData defaultProvider="MyProtectedConfigurationProvider">  <providers>   <add name="MyProtectedConfigurationProvider"     type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration"     keyContainerName="my"     useMachineContainer="true"     useOAEP="false" />  </providers>  <protectedDataSections>   <add name="system.net/mailSettings/smtp/network"     provider="MyProtectedConfigurationProvider"     inheritedByChildren="false"/>     </protectedDataSections> </protectedData><system.net>  <mailSettings>   <smtp>    <network host="host" password="xxx" port="25"    userName="user" />   </smtp>  </mailSettings> </system.net>Then I execute aspnet_regiis to encrypt that sectionaspnet_regiis -pe "system.net/mailSettings/smtp/network" -app "/mysite" -prov "MyProtectedConfigurationProvider"But I

Stupid web.config mistake: Sections must only appear once per config file

Today's stupid mistake comes to you via the web.config file in an ASP.NET 4 Web application project. At runtime, when navigating to default.aspx, ASP.NET choked with this error message: Parser Error Message: Sections must only appear once per config file.  See the help topic <location> for exceptions. Source Error: Line 14:     <location path="default.aspx"> Line 15:         <system.web> Line 16:            ...(read more)

Encrypting config file's connection string and keys


 Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff....any suggestions? Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?

Clean Web.Config Files (VS 2010 and .NET 4.0 Series)

.NET 4 includes a new version of the CLR, and a new .NET 4 specific machine.config file (which is installed side-by-side with the one used by .NET 2, .NET 3 and .NET 3.5).

The new .NET 4 machine.config file now automatically registers all of the ASP.NET tag sections, handlers and modules that we've added over the years, including the functionality for:

.ASP.NET Dynamic Data
.ASP.NET Routing (which can now be used for both ASP.NET WebForms and ASP.NET MVC)
.ASP.NET Chart Control (which now ships built-into ASP.NET V4)
What this means is that when you create a new "Empty ASP.NET application" project in VS 2010, you'll find that the new default application-level web.config file is now clean and simple:

reading values from config files in NUnit tests


One of my NUnit tests has to read in some values from config files.  In my main application this process works perfectly well, however when I run the unit test, the code that reads in the values from the config files doesnt read anything in.  Ive tried putting app.config in my unit test project (I even tried web.config) but nothing seems to work.  Are there any special steps involved when reading from config files in an nunit test ?

NUnit and config files


Ive created an NUnit test project in my solution and have added 3 tests.  They all fail with the same error

SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.
  ----> System.NullReferenceException : Object reference not set to an instance of an object.


SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.

  ----> System.NullReferenceException : Object reference not set to an instance of an object.

heres the test method

        public void CreateDataContext_ConnectionString_ReturnsDataCon

Modifying connection String in Web config using Install Wizard



Im trying to create a Web Deployment Project, the built in setup and deployment is very good in Visual Studio, i need to able to add an additional step in the setup to change the connection string in the Web config file. Ive seen a lot of articles on how to do this and in particular this http://weblogs.asp.net/scottgu/archive/2007/06/15/tip-trick-creating-packaged-asp-net-setup-programs-with-vs-2005.aspx#7162670 I am however stuck on the final part of this tutorial, im using the code Scott provided but have two errors,  heres part of my code where the errors are

using System;
using System.Configuration;
using System.Configuration.Install;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.DirectoryServices;

 void ConfigureDatabase(string targetSite, string targetVDir, string connectionString)
            // Retrieve "Friendly Site Name" from IIS for TargetSite
            DirectoryEntry entry = new DirectoryEntry("IIS://LocalHost/" + targetSit

Web deployment project - web.config section replacement does not add remove tag


I have a web application that is actually installed as a component of a third party site.  In some configurations, I need to remove certain connection strings and re-add them.  I'm replacing this web.config section with a xml file that includes the following:

      <remove name="MyOverridenConnection"/>
      <add connectionString="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MyDb;Data Source=MyServer" name="MyOverridenConnection"

For some reason the remove tag is left out during the substitution and I end up with the following in the installed config:

      <add connectionString="Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MyDb;Data Source=MyServer" name="MyOverridenConnection"

Is there any way to issue removes in replaced sec

Security Briefs: Encrypting Without Secrets


Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. Connection strings with passwords are an obvious problem.

Keith Brown

MSDN Magazine January 2006

The ASP Column: What's in ASP.NET Config Files?


Even though you've been using ASP. NET for a while, how much do you really know about ASP. NET configuration files? While you've probably touched the Web. config file from time to time, there are some nuances involved in configuring ASP.

George Shepherd

MSDN Magazine September 2004

Threading: Break Free of Code Deadlocks in Critical Sections Under Windows


Critical sections, a mechanism that prohibits more than one thread at a time from executing a particular section of code, is a topic that has not received much attention and thus tends not to be well understood. A solid understanding of critical sections in Windows can really come in handy when you need to track down multithreading performance issues in your code. This articles delves under the hood of critical sections to reveal information useful in finding deadlocks and in pinpointing performance problems. It also includes a handy utility program that shows all of your critical sections and their current states.

Matt Pietrek and Russ Osterlund

MSDN Magazine December 2003

Razor View Engine and Add Namespace in Web.Config Problem



I am working on a MVC project with Razor view engine and I have the following:


This only works if I have on the same view the following:

  @using SquishIt.Framework;

However, on my Web.Config I have the following:


      <!-- Namespaces -->
        <add namespace="System"/>
        <add namespace="System.Web.Mvc"/>
        <add namespace="System.Web.Mvc.Ajax"/>
        <add namespace="System.Web.Mvc.Html"/>
        <add namespace="System.Web.Routing"/>
        <add namespace="Microsoft.Web.Mvc"/>
        <add namespace="SquishIt.Framework"/>


So if "SquishIt.Framework" namespace is added on Web.Config why do I need to have the @using on the view?

How in web.config work in MVC



I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization>  <allow roles> tags to it.

How would be the equivalent technique in MVC?

Thank you,


pageParserFilterType in Web.config


Hi there,

I'm asking this question AFTER I've already solved my problem - I just wanted more info about it.

Each time I tried to create a ViewUserControl with a specific model template like this:

<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<MyProject.Web.ContactFormContent>" %>

The control would not compile properly and intellisense would not show things like Html and ViewData.

However, when I add the attribute pageParserFilterType to the <pages> in web.config, everything works:

      pageParserFilterType="System.Web.Mvc.ViewTypeParserFilter, System.Web.Mvc,
        Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35"

      pageParserFilterType="System.Web.Mvc.ViewTypeParserFilter, System.Web.Mvc,

All my server-controls became unrecognized!!! like there's compilation error or web.config missing!



please help - the problem is in post subject.

I have lots of warnings with following text:

"Warning 10 Element 'HyperLink' is not a known element. This can occur if there is a compilation error in the Web site, or the web.config file is missing. C:\Users\Pavel\Documents\Visual Studio 2010\WebSites\BioWebSite\ToScientist.aspx 26 18 C:\...\BioWebSite\" 

But web.confg is there! And there's no compilation error!

Site builds just fine. And If I upload it to my hoster - it works!


But with all these errors I cant add controls to pages - VS2010 adds hyperlink without ID, and intelisens stoped to work.

Strange, but in my other project (web-application) I have no such difficuty.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend