Duplicate of Encrypting config files for deployment .NET and Encrypting config files for deployment

What is the best approach and tools for encrypting information in web.config file?

I believe there are two ways of doing this:

using aspnet_regiis using DPAPI or RSA, or doing it programmatically.

The programmatic way can be handy, particularly if you also like to encrypt app.config.

From my experiences of using this, if you write a custom configuration section, you have install the DLL containing the classes for that section into the GAC. For a project I was working I basically scripted the following approach:

• Copy config DLL to GAC.
• Perform encryption.
• Remove config DLL from GAC.

Chances are if you are just encrypting connection strings then this won't be a problem. You also need to be bear in mind whether you want to encrypt on a machine wide basis or to a specific user account- both options can be useful depending on your scenario. For simplicity I stuck to machine wide encryption. The links I have provided explain the merits of both approaches.

Here are the commands to encrypt web.config file without any programming...

For encryption

aspnet_regiis -pef "Section" "Path exluding web.config"

For Decryption

aspnet_regiis -pdf "Section" "Path exluding web.config"

From this commands you can encrypt or decrypt all the section.

Have you tried this: http://weblogs.asp.net/scottgu/archive/2006/01/09/434893.aspx

Use the aspnet_regiis tool in your framework directory:

                                        -- CONFIGURATION ENCRYPTION OPTIONS --

pe section            Encrypt the configuration section. Optional arguments:
                      [-prov provider] Use this provider to encrypt.
                      [-app virtual-path] Encrypt at this virtual path. Virtual path must begin with a forward slash.
                      If it is '/', then it refers to the root of the site. If -app is not specified, the root
                      web.config will be encrypted.
                      [-site site-name-or-ID] The site of the virtual path specified in -app. If not specified, the
                      default web site will be used.
                      [-location sub-path] Location sub path.
                      [-pkm] Encrypt/decrypt the machine.config instead of web.config.

pd section            Decrypt the configuration section. Optional arguments:
                      [-app virtual-path] Decrypt at this virtual path. Virtual path must begin with a forward slash.
                      If it is '/', then it refers to the root of the site. If -app is not specified, the root
                      web.config will be decrypted.
                      [-site site-name-or-ID] The site of the virtual path specified in -app. If not specified, the
                      default web site will be used.
                      [-location sub-path] Location sub path.
                      [-pkm] Encrypt/decrypt the machine.config instead of web.config.

You should start from here, easy to follow, well explained step-by-step guide in MSDN: How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI

You can encrypt Connection string in web.config by aspnet_regiis.

Encrypting the Connection Strings section in Web.Config file You need to follow the following steps for encrypting the Connection Strings section in the Web.Config file

1. Open Visual Studio Command Prompt You will need to open the Visual Studio Command Prompt from the Start Menu => Programs => Microsoft Visual Studio 2010 => Visual Studio Tools => Visual Studio Command Prompt.

2. Encrypting the Connection Strings section in Web.Config using aspnet_regiis.exe tool

In order to encrypt the ConnectionString section in the Web.Config file, we will need to use the aspnet_regiis.exe tool.

Syntax:

aspnet_regiis.exe -pef "connectionStrings" ""

Example:

aspnet_regiis.exe -pef "connectionStrings" "D:\Sai\Projects\MyTestWebsite".

You can refer to this document for full information: https://microsoftdotnetsolutions.blogspot.com/2018/11/encrypt-and-decrypt-of-connection.html

Use the aspnet_regiis.exe Command-Line Tool

You can also encrypt and decrypt sections in the Web.config file using the aspnet_regiis.exe command-line tool, which can be found in the %WINDOWSDIR%\Microsoft.Net\Framework\version directory.

Look here: http://aspnet.4guysfromrolla.com/articles/021506-1.aspx.