Skip to content

Latest commit

 

History

History
84 lines (76 loc) · 2.94 KB

README.md

File metadata and controls

84 lines (76 loc) · 2.94 KB

webconfig-encrypt

This project is to demonstrate how to encrypt web.config using aspnet_regiis.exe. This project consists of two branches :

  • master is project with plain web.config
  • web-config_encrypted is project with encrypted web.config (appSetting section)

Below is summary of encrypting web.config. For more detail, pleae see this link : How to Encrypt Web.config Using aspnet_regiis.exe (Framework 4+) Focus on Web Farms

Encrypting web.config

  1. Run the website.

  2. Access /CheckAppPoolIdentity. You will see app pool data like this

    VARIABLE VALUE
    System.Security.Principal.WindowsIdentity.GetCurrent().Name <app pool identity name>

    Save <app pool identity name> we will need this value in the next step.

  3. Run Command Prompt as Administrator

  4. Navigate to aspnet_regiis location : C:\Windows\Microsoft.NET\Framework\<version>

  5. Encrypt specific section in web.config

    aspnet_regiis.exe -pef <web.config section>  <web.config path>
    

    example :

    aspnet_regiis.exe -pef appSettings  C:\inetpub\wwwroot\app\WebConfigEncryption
    
  6. Creating an RSA Container

    aspnet_regiis.exe -pc “<rsa container name>” -exp
    

    example :

    aspnet_regiis.exe -pc “myApp1SampleKeys” -exp
    
  7. Granting Access to RSA Key Container Execute both commands below

    aspnet_regiis -pa “<rsa container name>” “NT AUTHORITY\NETWORK SERVICE”
    
    aspnet_regiis -pa “<rsa container name>” “<app pool identity name>”
    
  8. Updating app’s web.config file to specify a customProvider Insert this xml to web.config. For example, above

    <configProtectedData>
       <providers>
          <add name="customProvider"
             type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             keyContainerName="**<rsa container name>**"
             useMachineContainer="true" />
       </providers>
    </configProtectedData>
    <connectionStrings>
       ...
    </connectionStrings>
    
  9. Encrypting appSection Using Our New CustomProvider

    aspnet_regiis.exe -pef **<web.config section>** **<path to web.config>** -prov “customProvider”
    

10.Exporting the Key Container in Order to be Used in Other Machines

aspnet_regiis.exe -px “<rsa container name>” <path to exported key> -pri

example :

aspnet_regiis -px “myApp1SampleKeys” c:\myApp1SampleKeys.xml -pri

11.Importing the Key Container on Another Machine

aspnet_regiis -pi “<rsa container name>” <path to exported key>

example :

aspnet_regiis -pi “myApp1SampleKeys” c:\myApp1SampleKeys.xml

12.Run the website again.