I have two related questions:
What is the best way to managing deployment of web projects between environments? I just downloaded the .NET Web Deployment Project and it seems to handle things like replacing certain sections of the web.config
to match the environment, which is great. The other thing that I wanted to automate was the encryption of certain sections of the web.config
. Is there any way to 'auto-encrypt'
the web.config
sections after a publish?
The second question is where do you store your passwords in a web.config
? I want to encrypt the password but not the rest of the appSettings. Do I have to make a custom web.config
configuration setting area?
Encrypting a Web Configuration Section To encrypt configuration file contents, use the Aspnet_regiis.exe tool with the –pe option and the name of the configuration element to be encrypted. Use the –app option to identify the application for which the Web.
To secure passwords for configuration parameters, you can use an encrypted password file, separate from the configuration files. The pr0pass program maintains the password file, encrypting passwords for parameters in the configuration files.
The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.
We use RSA Protected Configuration to encrypt sections of our web.config manually after the webapp has been deployed to the new environment. The OS protects the keys for us. Hopefully that's helpful as you figure out how to automate your solution.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With