Post date: Mar 9, 2011 11:45:56 AM
This is done using a WebConfigurationManager and RsaProtectedConfigurationProvider and can protect the entire appsettings section
using System.Web.Configuration;
//Encryption Setting
private void EncryptAppSettings()
{
Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
AppSettingsSection objAppsettings = (AppSettingsSection)objConfig.GetSection("appSettings");
if (!objAppsettings.SectionInformation.IsProtected)
{
objAppsettings.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
objAppsettings.SectionInformation.ForceSave = true;
objConfig.Save(ConfigurationSaveMode.Modified);
}
}
//Decryption Settings:
private void DecryptAppSettings()
{
Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
AppSettingsSection objAppsettings = (AppSettingsSection)objConfig.GetSection("appSettings");
if (objAppsettings.SectionInformation.IsProtected)
{
objAppsettings.SectionInformation.UnprotectSection();
objAppsettings.SectionInformation.ForceSave = true;
objConfig.Save(ConfigurationSaveMode.Modified);
}
}
This code will effectivly encrypt the entire appSettings section to make it unviewable by people with access to the web server, but should not have access to the settings (i.e. server administrator). Below is a before and after shot of a protected appSettings section
<appSettings>
<add key="connectionString" value="Driver={SQL Native Client};Server=myServerAddress;Database=myDataBase;Uid=myUsername;Pwd=myPassword;"/>
<add key="test" value="this is a test"/>
</appSettings>
<appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>lp1R3ya0BYL9yI/vNYCyErq78X9XPwzUz7GC2ZnZ2/ruo1ESA9cQY7Vy0wV
t7u+lRWHZ7iW+nD8qZHW8xIktJNw5lg7bRUcqsCUmIUL0xUv8Miz/MwFR4kBtebk+JGaawzZQYUgW+Uc
EUW63nVF5J2ERqUDzoqR0GUlySC2tvh4=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>wkE0pqLLPVEaA1s625vA8nmDlMmsDz0m+UOdJz/g+H+792RwrC9Z/XuufuKnff3
W9ovkbNiGt8tBQmctqKkNkj0GXp53SAhmUq6AAy1tsXXBlBxiABIIE/POFlOlWVI3cmZte1b9q7SPRCw6Bh6o
HS2GS91O1sGFZUd7SZxK7oiq5FtaQX+97kvhNWTSb6go1dsCoGYbPOUY4FIEvPvxppdR1QLDsJIEme1BiyCi
3NcTUkWBfqmFWKCFzZgmZOkU2LjtBPAat9Cix9TEHqnInCYFmotUbBOsA/qk2YsbVSalbIw
NDMCR7Q==</CipherValue>
</CipherData>
</EncryptedData>
</appSettings>
You can still use the appSettings as normal, the only change is the way the data is held within the file.