Use the command line tool aspnet_regiis.exe
You can also use the aspnet_regiis.exe command line tool to encrypt and decrypt the Web.config file configuration part. You can do this in "%WINDOWSDIR%\Microsoft.Net\Framework\version" Find this tool in the directory. In order to encrypt a section in the Web.config file, you can use the DPAPI machine key in this command line tool, as shown below:
The general form of encrypting the Web.config file of a specific website:
aspnet_regiis.exe -pef section physical_directory -prov provider
Or:
aspnet_regiis.exe -pe section -app virtual_directory -prov provider
Specific examples of encrypting the Web.config file of a specific website:
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" -prov "DataProtectionConfigurationProvider"
Or:
aspnet_regiis.exe -pe "connectionStrings" -app "/MySite" -prov "DataProtectionConfigurationProvider"
Decrypting the Web.config file of a specific website General form:
aspnet_regiis.exe -pdf section physical_directory
Or:
aspnet_regiis.exe -pd section -app virtual_directory
Specific example of decrypting the Web.config file of a specific website:
aspnet_regiis.exe -pdf "connectionStrings" "C:\Inetpub\wwwroot\MySite"
Or:
You can also specify the aspnet_regiis .exe to perform encryption/decryption of the machine.config file.
[Tip] Encrypt configuration settings in ASP.NET version 1.x
To protect configuration settings in ASP.NET version 1.x, developers need to encrypt and store sensitive settings in the web server's registry table and stored in a "strong" key manner. Rather than storing encrypted content (as in ASP.NET 2.0), the configuration file simply contains a reference to the registry key where the encrypted value is stored. For example:
<identity impersonate="true" userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName" password="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password" />
Microsoft provides developers with the aspnet_setreg.exe command line tool to encrypt sensitive configuration information and move it to a "strong" registry entry. Unfortunately, this tool only works against specific configuration settings; in contrast, ASP.NET 2.0 allows any configuration section to be encrypted.
For more information about using aspnet_setreg.exe in an ASP.NET 1.x application, please refer to KB#32990 in MSDN. Unfortunately, this command-line program can only encrypt predefined sections in configuration settings and does not allow you to encrypt database connection strings and other sensitive information that you add yourself.
Encryption example:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pdf connectionStrings I:\代码仓库\wt_Projects\WebSites\WebSite
For more articles related to asp.net web.config encryption and decryption methods, please pay attention to the PHP Chinese website!