Encrypting the web.config

From
Revision as of 20:33, 16 January 2020 by Thewikiadmin (talk | contribs) (Created page with " == [[|<span style="font-size:12.0pt" lang="EN-US"><span style="line-height:115%">Completing the Process</span></span>]] == == <span style="font-size:10.0pt" lang="EN-US"><sp...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

[[|Completing the Process]]

As the web.config contains sensitive information, it is important that it is encrypted.

The encryption should only occur once the validation of the application has been completed, as the encryption process is not easily reversible.

Make a backup of the web.config

                Copy the web.config into a secure location.  You must ensure that the password and any other information that is sensitive be extracted.  This allows the administrator to make configuration changes in the future and provides a starting point.

Prepare the Web.Config

One line in the web.config has to be temporarily commented.

    <section name="STSSettings" type="LiteSTS.Common.Configuration.STSConfig"/>

should be changed to

 

 

Encrypt the web.config

Open the command prompt as an administrator.

Navigate to "C:\Windows\Microsoft.NET\Framework\v4.0.30319";  e.g. "cd C:\Windows\Microsoft.NET\Framework\v4.0.30319"

Run the following command and change it to reflect the actual location of the web application:

aspnet_regiis.exe -pef STSSettings "D:\orbital-lite"

Verify the encryption of the web.config

                Confirm that no sensitive data remains in the web.config

Finalize the Web.Config

We need to change back the line that was previously commented.

 

should be changed back to

    <section name="STSSettings" type="LiteSTS.Common.Configuration.STSConfig"/>

Test the application

Ensure that the application is operating as expected.

Retrieved from "https://sts.radiusworks.com/wiki/index.php?title=Encrypting_the_web.config&oldid=46"