Encrypt ConnectionString of Web.Config

In order to add security, we need to encrypt the connectionStrings section of the web.config file. Because web.config is a plain-text file, if it is not encrypted, the username and password used for making the database connection are exposed to anyone who can read it.

Encrypting Web.Config

  1. Open Command Prompt with Administrator privileges
  2. At the Command Prompt, enter:
    cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
  3. If your Web.config is located in the "I:\alt_sites\sample_app\www" directory, enter the following to encrypt the connectionStrings section:
    ASPNET_REGIIS -pef "connectionStrings" "I:\alt_sites\sample_app\www"
    Use the Aspnet_regiis.exe tool with the -pef option and specify the application path as shown above.
    Note: The parameter "connectionStrings" is case sensitive.

To decrypt the encrypted connection string, use the -pdf option:

    ASPNET_REGIIS -pdf "connectionStrings" "I:\alt_sites\sample_app\www"
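
A quick way to confirm the result of the -pef and -pdf steps above, as an added PowerShell example that is not part of the original page: it reports whether the connectionStrings section of a config is encrypted, still plain text, or moved to an external file. The function name Test-ConnectionStringsEncrypted and both sample configs are constructed for illustration.

```powershell
# Added example (not from the original page): report the protection state of
# <connectionStrings>. For a real file, pass the file content, e.g.
#   -Config (Get-Content -Raw 'I:\alt_sites\sample_app\www\web.config')
function Test-ConnectionStringsEncrypted {
    param([Parameter(Mandatory)][xml]$Config)

    # local-name() keeps the lookup working if the root element declares a namespace.
    $section = $Config.SelectSingleNode(
        "/*[local-name()='configuration']/*[local-name()='connectionStrings']")
    if ($null -eq $section) { return 'Missing' }

    # After -pef the section carries configProtectionProvider and its body is a
    # single <EncryptedData> element instead of readable <add> entries.
    $provider  = $section.GetAttribute('configProtectionProvider')
    $encrypted = $section.SelectSingleNode("*[local-name()='EncryptedData']")
    if ($provider -and $encrypted) { return "Encrypted ($provider)" }

    # configSource means the strings live in another file that needs its own check.
    $source = $section.GetAttribute('configSource')
    if ($source) { return "External (configSource=$source)" }

    $plain = @($section.SelectNodes("*[local-name()='add']"))
    if ($plain.Count -gt 0) { return "Plaintext ($($plain.Count) entries)" }
    return 'Empty'
}

# Constructed sample: section before encryption (credentials readable).
$plainSample = @'
<configuration>
  <connectionStrings>
    <add name="SampleDb" connectionString="Server=db01;Database=sample;User Id=app;Password=CONSTRUCTED" />
  </connectionStrings>
</configuration>
'@

# Constructed sample: shape of the section after -pef (cipher text replaced by a placeholder).
$encryptedSample = @'
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
'@

Test-ConnectionStringsEncrypted -Config $plainSample
Test-ConnectionStringsEncrypted -Config $encryptedSample
```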