How to Encrypt Your Web or Application Configuration File Data in .NET




Web Farm Scenario

You can use RSA encryption in Web Farms because you can export RSA keys. You need to do this if you encrypt data in a Web.config file prior to deploying it to other servers in a Web Farm. In this case, the private key required to decrypt the data must be exported and deployed to the other servers.

Note: Assuming we have a SharePoint web application at port 8008 and we need to encrypt the <appSettings> section, having key APP_KEY valued as APP_VALUE.

In Source front end server

Use the following procedure:

  1. Run the following command form the command prompt to create a custom RSA encryption key:aspnet_regiis -pc “CustomKeys” –expIf the command is successful, you will see the following output:Creating RSA Key container…
  2. Add the following new section to the web.config at port 8008.



      <add keyContainerName=“CustomKeys”  useMachineContainer=“true”

           description=“Uses RsaCryptoServiceProvider to encrypt and decrypt”



System.Configuration, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />



  1. Run the following command in the command prompt.aspnet_regiis -pef “appSettings” C:\inetpub\wwwroot\wss\VirtualDirectories\8008″ -prov “CustomProvider”.If the encryption is successful, you will see the following output:Encrypting configuration section…
    Note: This step will encrypt the appSettings section. Remember, you don’t need to worry about the .NET code fetching data from the appSettings section. There will not be any change.
  2. Grant access to the ASP.NET application pool identity. Run the following command in the command prompt.aspnet_regiis -pa “CustomKeys” “domainname\username”Here, domainname\username is the application pool administrator.
  3. Run the following command from a .NET command prompt to export the custom RSA encryption key.aspnet_regiis -px “CustomKeys” “C:\CustomKeys.xml” -pri
  4. Now transfer the CustomKeys.xml and web.config files to another front-end server.

In Destination front end server

Use the following procedure:

  1. Deploy the application and the encrypted Web.config file onto this server computer. Also copy the CustomKeys.xml file to a local directory on the other server, for example to the C:\ directory.
  2. In Web.config, basically you need to add a new section and replace the encrypted section (for example In this case, replace <appSettings> with the encrypted one and add the following new section).



      <add keyContainerName=”CustomKeys”


         description=”Uses RsaCryptoServiceProvider to encrypt and decrypt”



System.Configuration, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />



  1. On the destination server, run the following command from a command prompt to import the custom RSA encryption keys:aspnet_regiis -pi “CustomKeys” “C:\CustomKeys.xml”If the command is successful, you will see the following output:Importing RSA Keys from file…
    Note: After you have finished exporting and importing the RSA keys, it is important (for security reasons) to delete the CustomsKeys.xml file from both machines.

How to use in the application

  1. Add the following Default.aspx Web page to your application’s virtual directory and then browse to this page to verify that the encryption and decryption is working correctly.

<%@ Page Language=”C#” %>

<script runat=”server”>

   protected void Page_Load(object sender, EventArgs e)


      Response.Write(“AppSetting value is: ” +


      [“APP_KEY “].toString());






  1. Output:

    AppSetting value is: APP_VALUE

Be Connected…




THREE QUERIES offers easy access to information about SharePoint and associated technologies, project management, agile and scrum methodologies that helps developers, administrators, architects, technical managers, business analysts and end users. It has grown from there. We provide an important knowledge base for those involved in managing, architecture and developing software projects of all kinds. With weekly/daily exclusive updates, we keep you in touch with the latest business, management, technology thinking.

WE ARE CONNECTED ~ Follow us on social media to get regular updates and opinion on what's happening in the world of SharePoint, front-end, back end web technologies and project management. If you like this article, please share it and follow us at Facebook, Twitter, Instagram and LinkedIn

, , ,

About Satyendra Mishra

Microsoft certified, motivated, energetic and accomplished SharePoint Consultant and Architect with 13+ years of work experience in Management, Architecture, Analytics, Development and Maintenance. He has been fortunate to be a part of over 20+ Web/Mobile/Software SharePoint and .Net projects delivery with various companies across different industry sectors. This has provided him a valuable insight and experience especially in successful implementation of technology solutions. Having very strong System Architecture, Technological, Management & Analytical Skills, Knowledge of Office 365, SharePoint, .Net, JavaScript, React, Angular, Azure, SQL. In 2016, he decided to start sharing the knowledge back to society in the form for content writing and blogging.
View all posts by Satyendra Mishra →

Leave a Reply

Your email address will not be published. Required fields are marked *