Generate encrypted IIS app pool identity password using IISWASOnlyAesProvider

Question

I'd like to generate an encrypted password using the algorithm used in IIS.

The encrypted value looks like this (in applicationHost.config):

<applicationPools> 
    <add name="MyAppPool"> 
        <processModel identityType="SpecificUser" userName="TestUser" 
password="[enc:IISWASOnlyAesProvider:N8mr4dLU6PnMW5xlmCWg6914cKePgeU0fTbxew 
ZppiwyTLmBQh0mZnFywQO78pQY:enc]" /> 
    </add> 
</applicationPools>

Reference: http://technet.microsoft.com/en-us/library/dd163536.aspx

I see the machine keys are stored here:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

Reference: http://www.asprangers.com/post/2012/05/03/MachineKeys-on-IIS-7x-Inside-Out.aspx

I'd like to write some c# to do this but i'm not a cryptography expert... Can I use something like the code in the accepted SO answer below using the clear text password and key from machine keys to generate the encrypted password as shown above?

Using AES encryption in C#

Answer 1

Why are you trying to generate one like IIS, is it to store it in IIS configuration? If so the configuration API's should do that for you automatically, you can use Microsoft.Web.Administration.ServerManager for that, such as:

    using(ServerManager serverManager = new ServerManager()) { 
        Configuration config = serverManager.GetApplicationHostConfiguration();

        ConfigurationSection sitesSection = config.GetSection("system.applicationHost/sites");

        ConfigurationElement virtualDirectoryDefaultsElement = sitesSection.GetChildElement("virtualDirectoryDefaults");
        virtualDirectoryDefaultsElement["password"] = @"asd";

        serverManager.CommitChanges();
    }