From the course: ASP.NET: Security
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Encrypting Web.config
- [Instructor] Another approach to protect sensitive information in web.config, just in case that someone somehow is stealing that file, is to encrypt this. And using IIS, we have the aspnet_regiis tool, which among other things registers asp.net with IIS. But it can do a bit more, it can also encrypt certain sections within that web.config file. We have aspnet_regiis, pe, the e stands for encrypt, then we provide the name typically we could encrypt the connectionStrings section because connectionStrings may contain sensitive information, and furthermore we have to provide the name of the app in which we would like to encrypt the connectionString section in web.config. We can also provide more information like which site, which encryption provider to use, etc. which you want. Then, aspnet is encrypting this part of web.config so if someone is stealing web.config, they have no idea what they should do with that encrypted information. Should you at one point eventually, would like to…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
(Locked)
Storing secrets in Web.config4m 19s
-
(Locked)
Externalizing Web.config settings3m 35s
-
(Locked)
Encrypting Web.config4m 21s
-
(Locked)
Azure Key Vault2m 36s
-
(Locked)
Managing the Key Vault with Azure Shell4m 45s
-
(Locked)
Password hashing1m 20s
-
(Locked)
Adding password hashing to the app3m 18s
-
(Locked)
-
-
-