Difference between revisions of "Encrypting the web.config"
Thewikiadmin (talk | contribs) |
Thewikiadmin (talk | contribs) |
||
| Line 2: | Line 2: | ||
== Overview == | == Overview == | ||
| − | + | <br/> As the web.config contains sensitive information, it is important that it is encrypted. | |
| − | + | The encryption should only occur once the validation of the application has been completed, as the encryption process is not easily reversible. | |
| − | + | == Make a backup of the web.config == | |
| − | + | Copy the web.config into a secure location. You must ensure that the password and any other information that is sensitive be extracted. This allows the administrator to make configuration changes in the future and provides a starting point. | |
| − | == Prepare the Web.Config == | + | == <br/> Prepare the Web.Config == |
One line in the web.config has to be temporarily commented. | One line in the web.config has to be temporarily commented. | ||
| Line 18: | Line 18: | ||
should be changed to | should be changed to | ||
| − | + | == Encrypt the web.config == | |
| − | + | <br/> Open the command prompt as an administrator. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | Navigate to "C:\Windows\Microsoft.NET\Framework\v4.0.30319"; e.g. "cd C:\Windows\Microsoft.NET\Framework\v4.0.30319" | |
| − | + | Run the following command and change it to reflect the actual location of the web application: | |
| − | + | aspnet_regiis.exe -pef STSSettings "D:\orbital-lite" | |
| − | + | == <br/> Verify the encryption of the web.config == | |
| − | + | Confirm that no sensitive data remains in the web.config | |
== Finalize the Web.Config == | == Finalize the Web.Config == | ||
| Line 40: | Line 36: | ||
We need to change back the line that was previously commented. | We need to change back the line that was previously commented. | ||
| − | | + | |
should be changed back to | should be changed back to | ||
| Line 46: | Line 42: | ||
<section name="STSSettings" type="LiteSTS.Common.Configuration.STSConfig"/> | <section name="STSSettings" type="LiteSTS.Common.Configuration.STSConfig"/> | ||
| − | == | + | == Test the application == |
| − | == | + | == Ensure that the application is operating as expected. == |
| + | |||
| + | | ||
Revision as of 20:37, 16 January 2020
Contents
Overview
As the web.config contains sensitive information, it is important that it is encrypted.
The encryption should only occur once the validation of the application has been completed, as the encryption process is not easily reversible.
Make a backup of the web.config
Copy the web.config into a secure location. You must ensure that the password and any other information that is sensitive be extracted. This allows the administrator to make configuration changes in the future and provides a starting point.
Prepare the Web.Config
One line in the web.config has to be temporarily commented.
<section name="STSSettings" type="LiteSTS.Common.Configuration.STSConfig"/>
should be changed to
Encrypt the web.config
Open the command prompt as an administrator.
Navigate to "C:\Windows\Microsoft.NET\Framework\v4.0.30319"; e.g. "cd C:\Windows\Microsoft.NET\Framework\v4.0.30319"
Run the following command and change it to reflect the actual location of the web application:
aspnet_regiis.exe -pef STSSettings "D:\orbital-lite"
Verify the encryption of the web.config
Confirm that no sensitive data remains in the web.config
Finalize the Web.Config
We need to change back the line that was previously commented.
should be changed back to
<section name="STSSettings" type="LiteSTS.Common.Configuration.STSConfig"/>
Test the application
Ensure that the application is operating as expected.
