How to Encrypt Your Web or Application Configuration File Data in .NET

Web Farm Scenario

You can use RSA encryption in Web Farms because you can export RSA keys. You need to do this if you encrypt data in a Web.config file prior to deploying it to other servers in a Web Farm. In this case, the private key required to decrypt the data must be exported and deployed to the other servers.

Note: The steps below assume a SharePoint web application on port 8008 whose <appSettings> section, which holds the key APP_KEY with the value APP_VALUE, needs to be encrypted.

On the source front-end server




Use the following procedure:

  1. Run the following command from the command prompt to create a custom RSA encryption key:
     aspnet_regiis -pc "CustomKeys" -exp
     If the command is successful, you will see the following output:
     Creating RSA Key container...
     Succeeded!
  2. Add the following new section to the web.config at port 8008.

     <configProtectedData>
        <providers>
           <add keyContainerName="CustomKeys"
                useMachineContainer="true"
                description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
                name="CustomProvider"
                type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
     </configProtectedData>

  3. Run the following command in the command prompt:
     aspnet_regiis -pef "appSettings" "C:\inetpub\wwwroot\wss\VirtualDirectories\8008" -prov "CustomProvider"
     If the encryption is successful, you will see the following output:
     Encrypting configuration section...
     Succeeded!
     Note: This step encrypts the appSettings section. The .NET code that reads values from appSettings does not need to change.
  4. Grant access to the ASP.NET application pool identity. Run the following command in the command prompt:
     aspnet_regiis -pa "CustomKeys" "domainname\username"
     Here, domainname\username is the application pool administrator.
  5. Run the following command from a .NET command prompt to export the custom RSA encryption key:
     aspnet_regiis -px "CustomKeys" "C:\CustomKeys.xml" -pri
  6. Now transfer the CustomKeys.xml and web.config files to another front-end server.

On the destination front-end server




Use the following procedure:

  1. Deploy the application and the encrypted Web.config file onto this server. Also copy the CustomKeys.xml file to a local directory on this server, for example to the C:\ directory.
  2. In Web.config, replace the plaintext section with its encrypted counterpart (in this case, <appSettings>) and add the following new section.

     <configProtectedData>
        <providers>
           <add keyContainerName="CustomKeys"
                useMachineContainer="true"
                description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
                name="CustomProvider"
                type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
     </configProtectedData>

  3. On the destination server, run the following command from a command prompt to import the custom RSA encryption keys:
     aspnet_regiis -pi "CustomKeys" "C:\CustomKeys.xml"
     If the command is successful, you will see the following output:
     Importing RSA Keys from file...
     Succeeded!
     Note: After you have finished exporting and importing the RSA keys, it is important (for security reasons) to delete the CustomKeys.xml file from both machines.
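
The script below is an added example, not part of the original article: it checks the end state the two procedures above should produce (section encrypted with the expected provider, no plaintext entries left, exported key file deleted). The function name, parameters and the sample web.config are constructed for illustration, and it assumes the <configuration> root element declares no default XML namespace.

```powershell
# Added example. Test-ProtectedSection and $sample are illustrative names, not from the article.
function Test-ProtectedSection {
    param([xml]$Config, [string]$Section, [string]$Provider,
          [string]$Container, [string]$ExportedKeyFile)

    $node = $Config.SelectSingleNode("/configuration/$Section")
    if (-not $node) { "section <$Section> not found"; return }

    # aspnet_regiis -pef stamps the provider name on the section element
    if ($node.GetAttribute('configProtectionProvider') -ne $Provider) {
        "<$Section> is not protected by provider '$Provider'"
    }
    # An encrypted section holds an EncryptedData element (XML Encryption namespace)
    $ns = New-Object System.Xml.XmlNamespaceManager($Config.NameTable)
    $ns.AddNamespace('e', 'http://www.w3.org/2001/04/xmlenc#')
    if (-not $node.SelectSingleNode('e:EncryptedData', $ns)) {
        "<$Section> has no EncryptedData element"
    }
    # Cleartext entries must not survive next to the ciphertext
    if ($node.SelectNodes('add').Count -gt 0) {
        "<$Section> still contains plaintext <add> entries"
    }
    # The provider must be registered and bound to the expected key container
    $p = $Config.SelectSingleNode(
        "/configuration/configProtectedData/providers/add[@name='$Provider']")
    if (-not $p) {
        "provider '$Provider' is not registered"
    } elseif ($p.GetAttribute('keyContainerName') -ne $Container) {
        "provider '$Provider' does not use key container '$Container'"
    }
    # The file written by -px ... -pri holds the private key; it must be gone
    if ($ExportedKeyFile -and (Test-Path -LiteralPath $ExportedKeyFile)) {
        "exported key file '$ExportedKeyFile' is still on disk"
    }
}

# Constructed sample: a web.config whose appSettings section was never encrypted
$sample = [xml]@'
<configuration>
  <configProtectedData><providers>
    <add name="CustomProvider" keyContainerName="CustomKeys" useMachineContainer="true" />
  </providers></configProtectedData>
  <appSettings><add key="APP_KEY" value="APP_VALUE" /></appSettings>
</configuration>
'@

$findings = @(Test-ProtectedSection -Config $sample -Section 'appSettings' `
    -Provider 'CustomProvider' -Container 'CustomKeys' -ExportedKeyFile 'C:\CustomKeys.xml')
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'OK' }
```

To check a deployed file instead of the sample, load it with [xml](Get-Content -Raw ...) and pass the result as -Config.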

How to use in the application




  1. Add the following Default.aspx Web page to your application’s virtual directory and then browse to this page to verify that the encryption and decryption is working correctly.

<%@ Page Language="C#" %>
<script runat="server">
   // Reads APP_KEY from the encrypted appSettings section; decryption is transparent.
   protected void Page_Load(object sender, EventArgs e)
   {
      Response.Write("AppSetting value is: " +
         ConfigurationManager.AppSettings["APP_KEY"].ToString());
   }
</script>
<html>
<body/>
</html>

  2. Output:

    AppSetting value is: APP_VALUE




Be Connected…

Satyendra
