How to encrypt configuration sections of your web.config using a custom RsaProtectedConfigurationProvider

Web.config encryption works with ASP.NET 2.0 or higher.

The RsaProtectedConfigurationProvider allows you to encrypt certain sections of the web.config using RSA keys. You must implement a custom RsaProtectedConfigurationProvider if you are encrypting with your own RSA keys.

To generate your own custom RSA keys and install it on the DiscountASP.NET server, see the related Knowledge Base article, How to install your RSA keys for web.config encryption on DiscountASP.NET servers.

Then add the custom configProtectedData provider in your application's web.config. Replace the keyContainerName value with the same container name of your RSA key.

 
<configuration>
  <configProtectedData defaultProvider="MyRsaProtectedConfigurationProvider">
    <providers>
      <add name="MyRsaProtectedConfigurationProvider"
      type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
      keyContainerName="NetFrameworkConfigurationKey_username"
      useMachineContainer="true" />
    </providers>
  </configProtectedData>
</configuration>

You can then run the aspnet_regiis.exe tool to encrypt. For example, if you want to encrypt the connectionStrings of the WebSite1 application in the "Default Web Site" on your local computer, run the following command on your computer:

C:\WINDOWS\Microsoft.NET\Framework\[.NET Framework version]\aspnet_regiis.exe -pe "connectionStrings" -site "Default Web Site" -app "/WebSite1"

Upload your application to your DiscountASP.NET website. The server should be able to decrypt your web.config since the same RSA key is installed on the server.

If you run into problems when using this code, please post in our community forum. Technical support is unable to assist with specific coding issues.