Encrypted web.config method sharing
- 2020-05-30 19:48:17
- OfStack
1. Open notepad and copy the following code to a new file.
<%@ Page Language="C#" %>
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>
Save my.aspx to your web directory, run 1 and the form displays "NT AUTHORITY\NETWORK SERVICE". Success!
2. (key step 1) run cmd and execute the following
aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"
Note: register the default RsaProtectedConfigurationProvider RSA key container,
NetFrameworkConfigurationKey is the default provider for RsaProtectedConfigurationProvider. Success!
3. Now, you can encrypt web.config, run:
Encryption: aspnet_regiis-pe "connectionStrings" -app "/Myweb"
Note: "connectionStrings" is the section to be encrypted, and "/Myweb" is the web directory
Decryption: aspnet_regiis-pd "connectionStrings" -app "/Myweb"
Success!
4, so you can call in the program (no need to decrypt, ha ha
) :
...
string connstr= ConfigurationManager.ConnectionStrings["myConnstr"].ConnectionString.ToString();
...
Similarly, you can create your own RSA key container, as follows:
(1) create "MyKeys" key container and run: aspnet_regiis-pc "MyKeys" -exp
(2) add the following to web.config:
<protectedData>
<providers>
<add name="MyProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0. 0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d0a3a,
processorArchitecture=MSIL"
keyContainerName="MyKeys"
useMachineContainer="true" />
</providers>
</protectedData>
Save.
(3) grant the account access to the computer level "MyKeys" RSA key container, run:
aspnet_regiis -pa "MyKeys" "NT AUTHORITY\NETWORK SERVICE"
(4) now, you can encrypt web.config, run:
Encryption: aspnet_regiis-pe "connectionStrings" -app "/Myweb" -prov "MyProvider"
Note: "connectionStrings" is the section to be encrypted, "/Myweb" is the web directory, "MyProvider" is its own key container
Decryption: aspnet_regiis-pd "connectionStrings" -app "/Myweb" -prov "MyProvider"