Project Web.Config file using RSA Algorithm

Post date: Mar 9, 2011 11:45:56 AM

This is done using WebConfigurationManager and RsaProtectedConfigurationProvider, and it can protect the entire appSettings section.

 

 

 using System.Web.Configuration;

//Encryption Setting 

/// <summary>
/// Encrypts the <c>appSettings</c> section of this application's Web.config in place,
/// using the provider named "RsaProtectedConfigurationProvider".
/// </summary>
/// <remarks>
/// Does nothing when the section is already protected, so the file is only rewritten once.
/// <c>Configuration</c>, <c>AppSettingsSection</c> and <c>ConfigurationSaveMode</c> live in
/// <c>System.Configuration</c>, so that namespace must be imported alongside
/// <c>System.Web.Configuration</c>.
/// NOTE(review): Save() rewrites Web.config, so the identity running the application presumably
/// needs write access to that file; confirm this is acceptable outside a deployment step.
/// NOTE(review): the ciphertext is only as well protected as the RSA key container the provider
/// uses; any account that can use that container can decrypt the section.
/// </remarks>
private void EncryptAppSettings()
{
    Configuration webConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
    AppSettingsSection appSettings = (AppSettingsSection)webConfig.GetSection("appSettings");
    var sectionInfo = appSettings.SectionInformation;

    // Already encrypted: leave the file untouched.
    if (sectionInfo.IsProtected)
    {
        return;
    }

    sectionInfo.ProtectSection("RsaProtectedConfigurationProvider");

    // ForceSave makes the section get written out even though its values did not change.
    sectionInfo.ForceSave = true;
    webConfig.Save(ConfigurationSaveMode.Modified);
}

 

//Decryption Settings:

 

/// <summary>
/// Reverses <c>EncryptAppSettings</c>: if the <c>appSettings</c> section of this application's
/// Web.config is currently protected, it is unprotected and saved back to the file.
/// </summary>
/// <remarks>
/// After this runs, every value in the section (connection strings, passwords, ...) is stored in
/// clear text on disk again and is readable by anyone who can read Web.config.
/// NOTE(review): this should presumably only be reachable from an administrative or deployment
/// path, never from an ordinary request; verify against the callers.
/// </remarks>
private void DecryptAppSettings()
{
    Configuration webConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
    AppSettingsSection appSettings = (AppSettingsSection)webConfig.GetSection("appSettings");
    var sectionInfo = appSettings.SectionInformation;

    // Section is already stored in clear text: nothing to undo.
    if (!sectionInfo.IsProtected)
    {
        return;
    }

    sectionInfo.UnprotectSection();

    // ForceSave makes the section get written out even though its values did not change.
    sectionInfo.ForceSave = true;
    webConfig.Save(ConfigurationSaveMode.Modified);
}

 

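This code will effectively encrypt the entire appSettings section, making it unreadable to people who have access to the web server but should not have access to the settings (i.e. server administrator). Note that the section can still be decrypted by any account that is able to use the RSA key container on that server, so access to the key container has to be restricted as well. Below is a before-and-after view of a protected appSettings section.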

 

 

<!-- Before protection: every value, including the Uid and Pwd inside the connection string,
     is stored in clear text and is readable by anyone who can read Web.config. -->
<appSettings>

  <add key="connectionString" value="Driver={SQL Native Client};Server=myServerAddress;Database=myDataBase;Uid=myUsername;Pwd=myPassword;"/>

  <add key="test" value="this is a test"/>

</appSettings>

 

//Encrypted files

 

<!-- After protection: the section body is replaced by an XML Encryption EncryptedData element.
     The outer CipherData holds the section content, encrypted with the symmetric algorithm named
     in the outer EncryptionMethod (tripledes-cbc in this sample). The EncryptedKey element holds
     that symmetric key, wrapped with RSA (rsa-1_5) under the key named in KeyName. The original
     add elements are no longer visible in the file. -->
<appSettings configProtectionProvider="RsaProtectedConfigurationProvider">

  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"

   xmlns="http://www.w3.org/2001/04/xmlenc#">

   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />

   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">

     <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />

     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

      <KeyName>Rsa Key</KeyName>

     </KeyInfo>

     <CipherData>

      <CipherValue>lp1R3ya0BYL9yI/vNYCyErq78X9XPwzUz7GC2ZnZ2/ruo1ESA9cQY7Vy0wV

    t7u+lRWHZ7iW+nD8qZHW8xIktJNw5lg7bRUcqsCUmIUL0xUv8Miz/MwFR4kBtebk+JGaawzZQYUgW+Uc

    EUW63nVF5J2ERqUDzoqR0GUlySC2tvh4=</CipherValue>

     </CipherData>

    </EncryptedKey>

   </KeyInfo>

   <CipherData>

    <CipherValue>wkE0pqLLPVEaA1s625vA8nmDlMmsDz0m+UOdJz/g+H+792RwrC9Z/XuufuKnff3

    W9ovkbNiGt8tBQmctqKkNkj0GXp53SAhmUq6AAy1tsXXBlBxiABIIE/POFlOlWVI3cmZte1b9q7SPRCw6Bh6o

    HS2GS91O1sGFZUd7SZxK7oiq5FtaQX+97kvhNWTSb6go1dsCoGYbPOUY4FIEvPvxppdR1QLDsJIEme1BiyCi

    3NcTUkWBfqmFWKCFzZgmZOkU2LjtBPAat9Cix9TEHqnInCYFmotUbBOsA/qk2YsbVSalbIw

    NDMCR7Q==</CipherValue>

   </CipherData>

  </EncryptedData>

</appSettings>

You can still use the appSettings as normal; the only change is the way the data is held within the file.