I have the entries below in my Web.config and I am using .NET 2.0 and C# for coding.
<add key="userName" value="s752549"/>
<add key="userPassword" value="Delhi@007"/>
Now I want this to be encrypted so that开发者_如何学JAVA nobody can see it, and also these passwords may change frequently (every fifteen days).
Just wanted to add to this, the marked answer was 99% complete, but it didn't provide how to specify the location of the web config. Rather than root around the internet, thought I'd just post the complete command. As such, here is the command I executed
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis -pef "secureAppSettings" "C:\MyLocalPublishDirectory\MyApp" -prov DataProtectionConfigurationProvider
You could put the username and password into a separate section and encrypt this section only. For example:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<appSettings>
<add key="Host" value="www.foo.com" />
<add key="Token" value="qwerqwre" />
<add key="AccountId" value="123" />
<add key="DepartmentId" value="456" />
<add key="SessionEmail" value="foo@foo.com" />
<add key="DefaultFolder" value="789" />
</appSettings>
<secureAppSettings>
<add key="userName" value="s752549"/>
<add key="userPassword" value="Delhi@007"/>
</secureAppSettings>
</configuration>
and then use aspnet_regiis
For Ex:
aspnet_regiis -pef secureAppSettings . -prov DataProtectionConfigurationProvider
You can Protect / Unprotect entire config sections in .NET.
For more info see http://www.codeproject.com/Articles/38188/Encrypt-Your-Web-config-Please.aspx
you could use aspnet_regiis, see http://msdn.microsoft.com/en-us/library/zhhddkxy(v=VS.80).aspx
精彩评论