Under some scenarios, developers want to encrypt some sections inside app.config or web.config file. This article How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA describes how to do so clearly, Scott Guthrie also posted one: Encrypting Web.Config Values in ASP.NET 2.0.
However, in the posts above, they use aspnet_regiis.exe and it seems it doesn’t directly support app.config, if we want to encrypt app.config for Windows Form or WPF applications While I tried use it to encrypt my app.config file, it generates a web.config which means my Winform definitely can’t use it, even if I copy the encrypted appSettings
section from this generated web.config to my own app.config (ConfigurationManager.AppSettings[EncryptedKeyName]
is null
after I did that).
After several minutes of Google search and testing, I found the code below is simple and very straight forward to achieve this:
Configuration config = ConfigurationManager.OpenExeConfiguration(
ConfigurationUserLevel.None);
SectionInformation appSettingsSecInfo = config.GetSection(
"appSettings").SectionInformation;
if (!appSettingsSecInfo.IsProtected)
{
Console.WriteLine("The configuration file has NOT been protected!");
appSettingsSecInfo.ProtectSection("RsaProtectedConfigurationProvider");
appSettingsSecInfo.ForceSave = true;
config.Save(ConfigurationSaveMode.Full);
}
This code snippet will do the encryption job and works for both app.config/web.config. Here is the MSDN definition page for SectionInformation.ProtectSection
.
References
Wayne is a software developer, Tech Lead and also a geek. He has more than 6 years' experience in Web development(server: ASP.NET (MVC), Web Service, IIS; Client: HTML/CSS/JavaScript/jQuery/AJAX), Windows development (Winform, Windows Service, WPF/Silverlight, Win32 API and WMI) and SQL Server. Deep understanding of GOF Design Patterns, S.O.L.i.D principle, MVC, MVVM, Domain Driven Design, SOA, REST and AOP.
Wayne's Geek Life
http://WayneYe.com
Infinite passion on programming!