I am trying to encrypt the connection string that is being given in the web.config file using aspnet_regiis. So I am trying to open the aspnet_regiis.exe as

  aspnet_regiis -pe "connectionStrings" -app "/NewTestAPI" -prov "RsaProtectedConfigurationProvider"

or

 aspnet_regiis -pe "connectionStrings" -app "/E:/Dropbox/NewTestAPI" -prov "RsaProtectedConfigurationProvider"

It throws an error saying "Configruation file cannot be created for the requested Configuration object.Failed!" I tried even sharing the folder

enter image description here

 aspnet_regiis -pe "connectionStrings" -app "/\\ABC\NewTestAPI" -prov "RsaProtectedConfigurationProvider"

Even that throws the same error Configruation file cannot be created for the requested Configuration object.Failed!"

Below is the connectionStrings I have

 <connectionStrings>
  <add name="ProConnection" connectionString="Data Source=J;User Id=T;Password=C;pooling=true;min pool size=5;Max Pool Size=60" providerName="Oracle.DataAccess.Client"/>
 </connectionStrings>

I also tried giving the physical path of the site and also the site ID which is as shown in the picture but same error

enter image description here

aspnet_regiis -pe "connectionStrings" -app "/E:\Dropbox\ABC\TestAPI" -site "3" -prov "RsaProtectedConfigurationProvider"

Initial answer:

First you should make sure you grant access to an RSA encryption key with:

.\aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "MySiteIdentity"

If you don't know what your site identity is, you can find it using System.Security.Principal.WindowsIdentity.GetCurrent().Name.

Then, if the web.config is under a different website than the DefaultWebsite, you'll probably need to specify the -site option. If that option is not specified, it defaults to -site 1 (DefaultWebsite, which has the INSTANCE_ID server variable "1"). In order to find your site's INSTANCE_ID you can request the server variables in a .cshtml page like so:

    @foreach (string var in Request.ServerVariables)
    {
        Response.Write(var + " " + Request[var] + "<br>");
    }

Now, suppose you find that your site's instance id is 2. You can use that in your command like this:

.\aspnet_regiis.exe -pe "connectionStrings" -app "/NewTestAPI" -site "2"

Note: the "/NewTestAPI" path is a virtual path and assumes that your application is hosted in Local IIS as an application. Furthermore, the -site option is only necessary if your app is under a different website than the DefaultWebSite, or if you removed and created the DefaultWebsite again.

Update: The actual problem is that the app was hosted in IIS as a website, not an application (so no virtual path, only a physical one). That's why aspnet_regiis would fail when trying to give it a virtual path (the -app option). To give aspnet_regiis a physical path we must use the -pef option like so:

.\aspnet_regiis.exe -pef "connectionStrings" "E:\DropBox\ABC\TestApi"