Encrypting passwords in web.config appSettings without ASPNET_REGIIS

Question

<appSettings>
<add key="uname" value="user001" />
<add key="pword" value="pass001" />
</appSettings>

I'm trying to encrypt the password (pword) in the web.config file. One method is by using ASPNET_REGIIS. Is there any other way so that, instead of directly typing the password on web.config file, I can encrypt it in the server side code? i.e, by writing some encryption and decryption methods. Or using DESCryptoServiceProvider class?

score 0 · Answer 1 · edited May 23 '17 at 12:00

You certainly can encrypt it server side using some form of symmetric encryption.

See here a good example of using string encryption/decryption using AES: https://stackoverflow.com/a/10177020/783836

Note that you would to

need to manage the encryption/decryption key https://security.stackexchange.com/questions/44589/aes-key-management
encrypt the data before initially entering it into the web config

Encrypting passwords in web.config appSettings without ASPNET_REGIIS

1 Answers1