I have a websever running IIs 6.0 and the .Net 2.0 framework. I'm trying to encrypt sections of a web.config file on one of the websites that I host on this server. I have about 20 different websites each with their own IP address.
From several MSDN docs and posts here and there I've learned that I can use the aspnet_regiis command to encrypt certain sections of my web.config. I'd like to encrypt the sections that contain passwords - such as the connectionStrings and the mailSettings. (I'm trying to implement the new Membership classes and the login control).
My problem is that the documentation I have says a couple of things that I'm not sure how to do.
1. In one place in the MSDN doc ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp ) it says:
To encrypt the connectionStrings section, run the following command from a .NET command prompt:
aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider"
The above command with the -app switch assumes that there is an IIS virtual directory called MachineDPAPI. If you are using the Visual Studio .NET 2005 Web server instead of IIS, use the -pef switch, which allows you to specify the physical directory location of your configuration file.
The -pe switch specifies the configuration section to encrypt.
The -pef switch specifies
View Complete Post