3
votes

I need to encrypt sections of my web.config file for a client. Most of the references I've seen are to using aspnet_regiis to do the encryption. However, as far as I can see, this needs to happen on the web server which will host the site, which means the encrypted values will be different for each server. I don't have access to this client's servers. I found a passing reference to the possibility of encryping the web.config data in a way that is portable across servers, but haven't found any more detailed information. Does anyone know how to do this?

1

1 Answers

3
votes

you need to encrypt it using RSA because with the RSAProtectedConfigurationProvider you could copy your key across server.

Web Farm Scenarios
You can use RSA encryption in Web farms, because you can export RSA keys. You need to do this if you encrypt data in a Web.config file prior to deploying it to other servers in a Web farm. In this case, the private key required to decrypt the data must be exported and deployed to the other servers.

Using the RSA Provider to Encrypt a Connection String in Web.config in a Web Farm

To do this, you must create a custom RSA encryption key container and deploy the same key container on all servers in your Web farm. This won't work by default because the default RSA encryption key, "NetFrameworkConfigurationKey", is different for each computer.

So, scrool down to the "Web Farm Scenarios" section of the above link and follow the steps.