How to encrypt the web.config file in ASP.NET?

It is very easy to encrypt the web.config file thanks to the .NET built-in tool aspnet_regiis.exe. We can run this tool in the command line, pass a few parameters and it will encrypt your web.config file.

We will be leveraging the .NET tool aspnet_regiis.exe which can be found in the directory C:\Windows\Microsoft.NET\Framework64\v4.0.30319, the Framework64 and v4.0.30.319 may differ depending on what machine and version of .NET you are running.

Here is the web.config file we will be encrypting:

The format of the inputs are:

aspnet_regiis encryption command

-pef is to specify that you are encrypting the web.config file. You can also pass in an encryption provider -prov and specify the provider you want to use to encrypt, in my case I didn’t provide any so the default (RsaProtectedConfigurationProvider) provider is used.

Note how you don’t have to specify the actual web.config file in the path, it will automatically find the file (since there can only be one in one directory) and encrypt/decrypt it.

One error most people get and have difficult debugging is in the path they will end with \ ex. "C:\Users\Documents\Visual Studio 2013\Projects\mvc4Proj\mvc4Proj\" this will give you and error saying "Illegal characters in path. Failed!"

Web.config file after encrypting:

You can see only the section which was specified was encrypted, entityFramework section is untouched.

For decryption the command is similar except change -pef to -pdf. If you are using specifying a specific provider while encrypting you don’t have to specify it while decrypting.

Bookmark and Share

2 Responses

  1. Rick January 4, 2017 / 5:16 am

    Thanks – this is the only site that explained I didn’t need the trailing backslash! Awesome 🙂

    • habbo coins hack 2014 June 27, 2017 / 5:07 am

      With havin so much content do you ever run into any problems of plagorism or copyright violation? My site has a lot of unique content I’ve either authored myself or outsourced but it looks like a lot of it is popping it up all over the internet without my permission. Do you know any ways to help reduce content from being ripped off? I’d genuinely appreciate it.

Leave a Reply

Your email address will not be published. Required fields are marked *