Automatically encrypt sections of web.config after deploy / publish?

Joel picture Joel · Jun 4, 2009 · Viewed 9.7k times · Source

I have two related questions:

What is the best way to managing deployment of web projects between environments? I just downloaded the .NET Web Deployment Project and it seems to handle things like replacing certain sections of the web.config to match the environment, which is great. The other thing that I wanted to automate was the encryption of certain sections of the web.config. Is there any way to 'auto-encrypt' the web.config sections after a publish?

The second question is where do you store your passwords in a web.config? I want to encrypt the password but not the rest of the appSettings. Do I have to make a custom web.config configuration setting area?

Answer

x0n picture x0n · Jun 4, 2009

Hey Joel - the web deployment project is a bit dated now - check out the MS Deploy tool instead (it will be shipping with vs2010, but it's available stand-alone now). What you're asking is probably not handled out of the box with MSDeploy (machine-specific DPAPI encryption), but since the tool is integrated with powershell, you can use the powershell v2 CTP3 remoting feature to run the script to encrypt your configs on each machine, remotely (which is the only way you can access machien-local DPAPI anyway.)

This guy here does something similar:

http://forums.iis.net/p/1156413/1904975.aspx

-Oisin