I tried using aspnet_regiis but had trouble specifying the section path. Switching to a code based approach, I enumerated the sections & learned there are SectionGroups, that only Sections can be encrypted, and that Elmah is a SectionGroup, so I need to encrypt the errorMail section under the elmah SectionGroup. I know a little more than yesterday.
This is the snippet, if it's useful to someone else down the line, from global.asax.cs:
private static void ToggleWebEncrypt(bool Encrypt)
{
// Open the Web.config file.
Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
//.... (protect connection strings, etc)
ConfigurationSectionGroup gpElmah = config.GetSectionGroup("elmah");
if (gpElmah != null)
{
ConfigurationSection csElmah = gpElmah.Sections.Get("errorMail");
ProtectSection(encrypted, csElmah);
}
//.... other stuff
config.Save();
}
private static void ProtectSection(bool encrypted, ConfigurationSection sec)
{
if (sec == null)
return;
if (sec.SectionInformation.IsProtected && !encrypted)
sec.SectionInformation.UnprotectSection();
if (!sec.SectionInformation.IsProtected && encrypted)
sec.SectionInformation.ProtectSection("CustomProvider");
}