Much of the .Net code we ship (or will at some point ship) depends on sensitive values that are stored in web.config files. This sensitive information includes database usernames and passwords as well as application login names and passwords.
One way to protect this information is by using file permissions; obviously, if a user doesn't have read access to a .config file, they won't be able to open it and read the information. Unfortunately this isn't always practical.
Another method is to encrypt specific sections of the config file, such as connection strings. ASP.Net 2.0 includes a method to perform this in such a way that the values are transparently decrypted when used by .Net code, requiring no code changes at all.
The Channel9 Wiki has a very complete article on how to accomplish this; the short version is that the aspnet_regiis.exe tool is used (with a specific set of command line arguments) to encrypt selected sections of a config file.
We could perform this task at install time, automatically; however, we can also leave the decision to encrypt the config files up to the client, since they can implement this solution without any help from us or need for source code. The latter is probably the better solution since the client will be in the best position to determine whether a machine or user key should be used, etc.
Delayed encryption
Ideally, this encryption could be delayed until some point after the implementation. Implementors would need to be able to view and update this information while going through the installation and configuration process. Therefore, it would be helpful to be able to encrypt this information at a time chosen by the client/implementation team. Also, could this information be decrypted for future review by new team members?
Beau A.C. Harbin
Consulting Manager
Advanced Solutions International