Tag: iis

Posted on by Leave a comment

Encrypting web.config Sections

1. First, add following to web.config within the container

---------------------BEGIN:  configProtectedData ---------------------


---------------------END:  configProtectedData ---------------------

2. Below is an example .bat or .cmd file for encrypting sensitive sections of the web.config for a given .NET web application. Change the {PATH} to the physical path to the web application's folder.

---------------------BEGIN:  encrypt.cmd ---------------------

@echo off


REM *********************************************************

REM ** APP_PATH

REM ** Change {PATH} below to path of physical location where

REM ** application is installed

REM **

REM ** ASP_PATH

REM ** Location of ASP.NET framework

REM *********************************************************

SET APP_PATH="{PATH}"

SET ASP_PATH=C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe

SET ASP_OPT=-pef

SET ASP_PROV="MY_PROVIDER"


%ASP_PATH% %ASP_OPT% "connectionStrings"


%APP_PATH% -prov %ASP_PROV%


pause

---------------------END:  encrypt.cmd ---------------------
A complete walkthrough for this, including information on key stores is available here:

http://msdn.microsoft.com/en-us/library/2w117ede.aspx

Posted on by Leave a comment

Managing Key Store

———————BEGIN: create_keystore.cmd ———————
@echo off
REM *********************************************************
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM **
REM ** Warning: keep the exported key in a safe place
REM ** you will not be able to decrypt data using
REM ** a recreated keystore even by same name
REM *********************************************************
SET ASP_PATH=C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe
REM To Delete Key store
REM %ASP_PATH% -pz “MY_KEYS”

REM To Create key store
%ASP_PATH% -pc “MY_KEYS” -exp

REM To grant access to key store by ASP.NET application service
%ASP_PATH% -pa “MY_KEYS” “NT AUTHORITYNETWORK SERVICE”

REM To Export key store
%ASP_PATH% -px “MY_KEYS” “d:tempcryptoMY_KEYS.xml” -pri

———————END: create_keystore.cmd ———————

———————BEGIN: import_keystore.cmd ———————

@echo off
REM *********************************************************
REM **
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM *********************************************************
SET ASP_PATH=C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe

REM To Delete Key store
%ASP_PATH% -pz “MY_KEYS”

REM To Import Key Store
%ASP_PATH% -pi “MY_KEYS” “d:tempcrypto375CSPTS_KEYS.xml”

REM To grant access to key store by ASP.NET application service
%ASP_PATH% -pa “MY_KEYS” “NT AUTHORITYNETWORK SERVICE”

———————END: import_keystore.cmd ———————

A complete walkthrough for this, including information on key stores is available here:

http://msdn.microsoft.com/en-us/library/2w117ede.aspx