ASP.NET 4
I’ve used RSA key encryption for connection strings in web.config on my web farm. However, there’s one more custom password entry that I’d like to encrypt. How should I encrypt it with RSA key without having the rest configurations being encrypted. Please advise, thanks.
Example:
<appSettings>
...
<add key="Host" value="www.foo.com" />
<add key="Token" value="qwerqwre" />
<add key="AccountId" value="123" />
<add key="DepartmentId" value="456" />
<add key="Password" value="asdfasdf" />
<add key="SessionEmail" value="<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1f7970705f797070317c7072">[email protected]</a>" />
<add key="DefaultFolder" value="789" />
</appSettings>
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You could put the password into a separate section and encrypt this section only. For example:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<appSettings>
<add key="Host" value="www.foo.com" />
<add key="Token" value="qwerqwre" />
<add key="AccountId" value="123" />
<add key="DepartmentId" value="456" />
<add key="SessionEmail" value="<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="10767f7f50767f7f3e737f7d">[email protected]</a>" />
<add key="DefaultFolder" value="789" />
</appSettings>
<secureAppSettings>
<add key="Password" value="asdfasdf" />
</secureAppSettings>
</configuration>
and then (note that I am using DPAPI in my example so adapt the provider for RSA):
aspnet_regiis -pef secureAppSettings . -prov DataProtectionConfigurationProvider
Once encrypted the file will look like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<appSettings>
<add key="Host" value="www.foo.com" />
<add key="Token" value="qwerqwre" />
<add key="AccountId" value="123" />
<add key="DepartmentId" value="456" />
<add key="SessionEmail" value="<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fb9d9494bb9d9494d5989496">[email protected]</a>" />
<add key="DefaultFolder" value="789" />
</appSettings>
<secureAppSettings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMnd.......</CipherValue>
</CipherData>
</EncryptedData>
</secureAppSettings>
</configuration>
The way you would access those settings in your application once the file is encrypted is still the same and completely transparent:
var host = ConfigurationManager.AppSettings["Host"]; var password = ConfigurationManager.AppSettings["Password"];
Method 2
In c# and .Net 4.5 I had to use this to read the encrypted setting:
string password = ((System.Collections.Specialized.NameValueCollection)ConfigurationManager.GetSection("secureAppSettings"))["Password"];
but otherwise works a treat.
Method 3
You can’t encrypt a single entry – the infrastructure only allows for encryption of whole config sections.
One option is to place the entry in its own config section and encrypt that.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0