Encrypt your connections strings and application settings in code
You can encrypt the appSettings and connectionStrings sections of your web.config file via code when your application first starts. To do this, create a file named "global.asax" in your root directory and add this code to Application_Start method.
<%@ Application Language="VB" %>
<%@ Import Namespace="System.Configuration" %>
<%@ Import Namespace="System.Web.Configuration" %>
<script runat="server">
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs on application startup
' Get the file path
Dim path As String = HttpContext.Current.Request.CurrentExecutionFilePath
path = path.Substring(0, path.LastIndexOf("/"))
' Get the appSetting and connectionStrings sections
Dim config As System.Configuration.Configuration = WebConfigurationManager.OpenWebConfiguration(path)
Dim appSettings As ConfigurationSection = config.GetSection("appSettings")
Dim connectionSettings As ConfigurationSection = config.GetSection("connectionStrings")
' Encrypt the appSettings and connectionStrings sections if they are not already protected
If appSettings.SectionInformation.IsProtected = False Then
appSettings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
' To unprotect this section, use:
'appSettings.SectionInformation.UnprotectSection()
End If
If connectionSettings.SectionInformation.IsProtected = False Then
connectionSettings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
' To unprotect this section, use:
'connectionSettings.SectionInformation.UnprotectSection()
End If
Try
config.Save()
Catch ex As Exception
' If an error occurs, it is most likely a permissions error
' so make sure the ASP.NET process account has write permissions for the web.config file
End Try
End Sub