Encrypting app.config File

You cannot encrypt the entire <system.serviceModel> - it's a configuration section group, which contains configuration sections.

The aspnet_regiis will only encrypt configuration sections - so you need to selectively encrypt those parts you need, like this:

cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis.exe -pef "system.serviceModel/bindings" .
aspnet_regiis.exe -pef "system.serviceModel/services" .

etc.

With this, you can encrypt what you need easily - what isn't too important, can be left in clear text.

Word of warning: since it's aspnet_regiis, it expects to be dealing with a web.config file - copy your app.config to a location and call it web.config, encrypt your sections, and copy those encrypted sections back into your own app.config.

Or write your own config section encrypter/decrypter - it's really just a few lines of code! Or use mine - I wrote a small ConfigSectionCrypt utility, come grab it off my OneDrive - with full source (C# - .NET 3.5 - Visual Studio 2008). It allows you to encrypt and decrypt sections from any config file - just specify the file name on the command line.


I use the following to encrypt my connection strings in web.config, why not use the same for yourself. I am not sure though.

To Encrypt:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" "\myWebSitePath"

To Decrypt:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings" "\myWebsitePath"

Put them in bat files so you can encrypt or decrypt on the fly.


You must set a reference to System.Configuration.dll in your project for the code to run. 

ExeConfigurationFileMap configFileMap = new ExeConfigurationFileMap();
                configFileMap.ExeConfigFilename = exeConfigName;
                System.Configuration.Configuration myConfig = ConfigurationManager.OpenMappedExeConfiguration(configFileMap, ConfigurationUserLevel.None);

                ConnectionStringsSection section = myConfig.GetSection("connectionStrings") as ConnectionStringsSection;

                if (section.SectionInformation.IsProtected)
                {
                    // Remove encryption.
                    section.SectionInformation.UnprotectSection();
                }
                else
                {
                    // Encrypt the section.
                    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
                }

                myConfig.Save();

Tags:

C#

Recent Posts