Encrypting and Decrypting Config Files
Thursday, November 19, 2009, 05:38 AM - Programming, .NET, C#, VB.NET, ASPX
I've talked for years about how you need to encrypt and decrypt Web.config and App.config files, but it took a spur for me to actually look it up. Here is the command for those of you as lazy as me:
c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regiis -pef connectionStrings . -prov DataProtectionConfigurationProvider
Decrypting is just as easy:
c:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_regiis -pdf connectionStrings .
Just a note, this only works on Web.config files. If you want to encrypt an App.config, just rename it Web.config, run the tool, then change the name back.
If you want to get hardcore and write your own tool, it's all available in the API:
Aaron Feng's Blog
Configuration configuration = ConfigurationManager.OpenExeConfiguration(appConfig);
ConfigurationSection section = this.configuration.GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
section.SectionInformation.ForceSave = true;
configuration.Save(ConfigurationSaveMode.Modified);
}
To decrypt just do the oposite:
if (section.SectionInformation.IsProtected)
{
// …
section.SectionInformation.UnprotectSection();
// …
}
[ add comment ] | [ 0 trackbacks ] | permalink |
( 2.9 / 661 )log4net comes to Twitter
Tuesday, August 4, 2009, 10:34 AM - .NET
Someone turned me on last week to this cool log4net appender for Twitter. Basically, you configure your app to "log" to twitter for certain events, and it acts just like a normal appender. Very cool. [ add comment ] | [ 0 trackbacks ] | permalink |
( 2.9 / 667 )Scott Guthrie is Coming Again!
Wednesday, April 22, 2009, 02:17 PM - Programming, .NET, ASPX
Scott Guthrie, .net power ranger and slayer of dragons, is coming to Phoenix again on May 26, 2009! Make sure you click "Order Now" below (yes it's still free), head on over, and get signed up!
You don't want to miss this!
[ add comment ] | [ 0 trackbacks ] | permalink |
( 3 / 96 )Forcing HTTPS
Wednesday, April 22, 2009, 12:49 PM - Programming, .NET, C#, ASPX
I was wondering recently how to force the pages of my websites to always go to SSL, and found this little beauty. Stick it in your base page a viola, you are good to go. Oh yeah, want to debug on your local machine, just set requireSSL to false in your forms authentication block (just don't forget to set it back for production!)
protected void Page_Load(object sender, EventArgs e)
{
if (FormsAuthentication.RequireSSL == true){
if (HttpContext.Current.Request.IsSecureConnection == false){
Response.Redirect(Request.Url.ToString().Replace("http:","https:"));
}
}
}
[ add comment ] | [ 0 trackbacks ] | permalink |
( 2.9 / 75 )Top 10 Security Vulnerabilities in .NET Configuration Files
Tuesday, April 21, 2009, 03:33 PM - .NET, ASPX
This article on the Top 10 Security Vulnerabilities in .NET Configuration Files has some great information on things that I know I tend to forget or enable to make development easier, only to make it easier for hackers to take my site down. Definitely a good read.[ add comment ] | [ 0 trackbacks ] | permalink |
( 3 / 55 )Next
