Encrypting appSettings in web.config
I am developing a web app which requires a username and password to be stored in the web.Config, it also refers to some URLs which will be requested by the web app itself and never the client.
I know the .Net framework will not allow a web.config file to be served, however I still think its bad practice to leave this sort of information in plain text.
Everything I have read so far requires me to use a command line switch or to store values in the registry of the server. I have access to neither of these as the host is online and I have only FTP and Control Panel (helm) access.
Can anyone recommend any good, free encryption DLL's or methods which I can use? I'd rather not develop my own!
Thanks for the feedback so far guys but I am not able to issue commands and and not able to edit the registry. Its going to have to be an encryption util/helper but just wondering which one!
- Encrypting and Decrypting Configuration Sections (ASP.NET) on MSDN
- Encrypting Web.Config Values in ASP.NET 2.0 on ScottGu's blog
- Encrypting Custom Configuration Sections on K. Scott Allen's blog
EDIT: If you can't use asp utility, you can encrypt config file using SectionInformation.ProtectSection method.
Sample on codeproject: