
Encrypting web.config Sections

1. First, add the following to web.config within the container

---------------------BEGIN: configProtectedData ---------------------

---------------------END: configProtectedData ---------------------


2. Below is an example .bat or .cmd file for encrypting sensitive sections of the web.config for a given .NET web application. Change the {PATH} to the physical path to the web application's folder.

---------------------BEGIN:  encrypt.cmd ---------------------
@echo off

REM *********************************************************
REM ** APP_PATH
REM ** Change {PATH} below to path of physical location where
REM ** application is installed
REM **
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM *********************************************************
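SET APP_PATH="{PATH}"
SET ASP_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
SET ASP_OPT=-pef
SET ASP_PROV="MY_PROVIDER"

REM Encrypt the connectionStrings section of the web.config in APP_PATH
REM using the provider named in ASP_PROV
%ASP_PATH% %ASP_OPT% "connectionStrings" %APP_PATH% -prov %ASP_PROV%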

pause
---------------------END: encrypt.cmd ---------------------
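
To confirm that encrypt.cmd did its job, the following added example (not part of the original post) inspects a web.config and reports whether each named section is encrypted under the expected provider. The function name `Get-ConfigSectionProtection`, the `appSettings` section and the sample document are assumptions constructed for illustration.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0+.
# Assumes the <configuration> root element declares no default XML namespace.
function Get-ConfigSectionProtection {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [string[]]$Sections = @('connectionStrings'),
        [string]$ExpectedProvider = 'MY_PROVIDER'   # provider name used in encrypt.cmd
    )
    $ns = New-Object System.Xml.XmlNamespaceManager($Config.NameTable)
    $ns.AddNamespace('enc', 'http://www.w3.org/2001/04/xmlenc#')
    foreach ($name in $Sections) {
        $node = $Config.SelectSingleNode("/configuration/$name")
        if ($null -eq $node) {
            [pscustomobject]@{ Section = $name; Status = 'Missing'; Provider = $null }
            continue
        }
        $provider  = $node.GetAttribute('configProtectionProvider')
        $encrypted = $null -ne $node.SelectSingleNode('enc:EncryptedData', $ns)
        # Any child element other than EncryptedData is still readable plaintext
        $plain = @($node.ChildNodes | Where-Object {
            $_.NodeType -eq 'Element' -and $_.LocalName -ne 'EncryptedData' })
        if (-not $encrypted -or $plain.Count -gt 0) { $status = 'Plaintext' }
        elseif ($provider -ne $ExpectedProvider)    { $status = 'WrongProvider' }
        else                                        { $status = 'Encrypted' }
        [pscustomobject]@{ Section = $name; Status = $status; Provider = $provider }
    }
}

# Constructed sample: connectionStrings encrypted, appSettings left in plaintext
$sample = @'
<configuration>
  <connectionStrings configProtectionProvider="MY_PROVIDER">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="ApiKey" value="constructed-sample-value" />
  </appSettings>
</configuration>
'@
Get-ConfigSectionProtection -Config $sample -Sections 'connectionStrings', 'appSettings'
```

To check a deployed file, pass `(Get-Content -Raw "{PATH}\web.config")` as `-Config`, substituting the same physical path used in encrypt.cmd.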

A complete walkthrough for this, including information on key stores, is available here:

http://msdn.microsoft.com/en-us/library/2w117ede.aspx

Managing Key Store

---------------------BEGIN: create_keystore.cmd ---------------------
@echo off
REM *********************************************************
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM **
REM ** Warning: keep the exported key in a safe place;
REM ** you will not be able to decrypt data using
REM ** a recreated key store, even one with the same name
REM *********************************************************
SET ASP_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
REM To Delete Key store
REM %ASP_PATH% -pz "MY_KEYS"

REM To Create key store (-exp makes the key exportable)
%ASP_PATH% -pc "MY_KEYS" -exp

REM To grant access to key store by ASP.NET application service
%ASP_PATH% -pa "MY_KEYS" "NT AUTHORITY\NETWORK SERVICE"

REM To Export key store (-pri includes the private key, so restrict
REM access to the exported file)
%ASP_PATH% -px "MY_KEYS" "d:\temp\crypto\MY_KEYS.xml" -pri

---------------------END: create_keystore.cmd ---------------------

---------------------BEGIN: import_keystore.cmd ---------------------

@echo off
REM *********************************************************
REM **
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM *********************************************************
SET ASP_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

REM To Delete Key store
%ASP_PATH% -pz "MY_KEYS"

REM To Import Key Store (the file is the XML produced by the -px export)
%ASP_PATH% -pi "MY_KEYS" "d:\temp\crypto\375CSPTS_KEYS.xml"

REM To grant access to key store by ASP.NET application service
%ASP_PATH% -pa "MY_KEYS" "NT AUTHORITY\NETWORK SERVICE"

---------------------END: import_keystore.cmd ---------------------

A complete walkthrough for this, including information on key stores, is available here:

http://msdn.microsoft.com/en-us/library/2w117ede.aspx