How to encrypt configuration sections of your web.config using a custom RsaProtectedConfigurationProvider

  • Web.config encryption works with ASP.NET 2.0 or later. 
  • If you are migrated to another web server we will need a copy of the custom RSA key to install on your site.  We encourage you to save a copy of your RSA key on a disk or on your local computer. 

The RsaProtectedConfigurationProvider allows you to encrypt certain sections of the web.config using RSA keys. You must implement a custom RsaProtectedConfigurationProvider if you are encrypting with your own RSA keys.

To generate your own custom RSA keys and install it on the DiscountASP server, see the related Knowledge Base article, How to install your RSA keys for web.config encryption on DiscountASP.NET servers.

Then add the custom configProtectedData provider in your application's web.config. Replace the keyContainerName value with the same container name of your RSA key.
  <configProtectedData defaultProvider="MyRsaProtectedConfigurationProvider">
      <add name="MyRsaProtectedConfigurationProvider"
      type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
      useMachineContainer="true" />

You can then run the aspnet_regiis.exe tool to encrypt. For example, if you want to encrypt the connectionStrings of the WebSite1 application in the "Default Web Site" on your local computer, run the following command on your computer:

C:\WINDOWS\Microsoft.NET\Framework\[.NET Framework version]\aspnet_regiis.exe -pe "connectionStrings" -site "Default Web Site" -app "/WebSite1"

Upload your application to your DiscountASP website. The DiscountASP server should be able to decrypt your web.config since the same RSA key is installed on the server.

If you run into problems when using this code, please post in our community forum. Technical support is unable to assist with specific coding issues.