.NET 2.0: On-demand Configuration Encryption

October 2nd, 2006 Leave a comment Go to comments
Binary Code

In .NET 2.0, aspnet_regiis can encrypt and decrypt sections of web.config and machine.config using RSA, DPAPI, or any other custom encryption provider. However, how do we encrypt/decrypt a custom application configuration (e.g. app.config of a WinForms application)?

We are in luck, since the System.Configuration namespace provides everything we need to accomplish this task. The following class, for example, can be used to encrypt/decrypt any .NET configuration file:

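/// <summary>
/// Utility class for encrypting / decrypting sections in .NET
/// configuration files through the System.Configuration
/// protected-configuration API.
/// </summary>
/// <remarks>
/// Both operations rewrite the configuration file in place, so the caller
/// needs write access to it. Pass only trusted paths: the file named by
/// <c>configPath</c> is opened and saved as-is.
/// </remarks>
internal static class ConfigEncryptionHelper
{
    #region Encryption Methods

    /// <summary>
    /// Encrypts a section in a .NET configuration file using a named provider.
    /// </summary>
    /// <param name="configPath">Physical path of configuration file.</param>
    /// <param name="sectionName">Section name to encrypt.</param>
    /// <param name="protectionProviderName">Name of the encryption provider.</param>
    /// <exception cref="System.ArgumentException">
    /// An argument is null or empty.
    /// </exception>
    /// <exception cref="ConfigurationErrorsException">
    /// The section was not found in the configuration file.
    /// </exception>
    /// <remarks>
    /// A section that is already protected is left untouched, even when it
    /// was protected with a different provider than the one requested.
    /// </remarks>
    public static void EncryptConfigSection(string configPath, string sectionName, string protectionProviderName)
    {
        if (string.IsNullOrEmpty(protectionProviderName))
        {
            throw new System.ArgumentException("A protection provider name is required.", "protectionProviderName");
        }

        Configuration config = OpenConfiguration(configPath);
        ConfigurationSection section = GetRequiredSection(config, sectionName, configPath);

        if (section.SectionInformation.IsProtected)
        {
            // Already encrypted: nothing to change, so nothing to write.
            return;
        }

        section.SectionInformation.ProtectSection(protectionProviderName);
        config.Save();
    }

    /// <summary>
    /// Encrypts a section in a .NET configuration file using the
    /// "DataProtectionConfigurationProvider" (DPAPI) provider.
    /// </summary>
    /// <param name="configPath">Physical path of configuration file.</param>
    /// <param name="sectionName">Section name to encrypt.</param>
    /// <remarks>
    /// DPAPI ciphertext cannot be decrypted on another machine. As registered
    /// in the default machine.config this provider uses machine-level
    /// protection, so other accounts on the same machine may be able to
    /// decrypt the section; confirm the provider registration and keep file
    /// ACLs tight rather than relying on encryption alone.
    /// </remarks>
    public static void EncryptConfigSection(string configPath, string sectionName)
    {
        EncryptConfigSection(configPath, sectionName, "DataProtectionConfigurationProvider");
    }

    #endregion

    #region Decryption Methods

    /// <summary>
    /// Decrypts a section in a .NET configuration file.
    /// </summary>
    /// <param name="configPath">Physical path of configuration file.</param>
    /// <param name="sectionName">Section name to decrypt.</param>
    /// <exception cref="System.ArgumentException">
    /// An argument is null or empty.
    /// </exception>
    /// <exception cref="ConfigurationErrorsException">
    /// The section was not found in the configuration file.
    /// </exception>
    /// <remarks>
    /// The decrypted section is written back to disk in clear text. Treat the
    /// file as sensitive afterwards and re-encrypt it once editing is done.
    /// </remarks>
    public static void DecryptConfigSection(string configPath, string sectionName)
    {
        Configuration config = OpenConfiguration(configPath);
        ConfigurationSection section = GetRequiredSection(config, sectionName, configPath);

        if (!section.SectionInformation.IsProtected)
        {
            // Already clear text: nothing to change, so nothing to write.
            return;
        }

        section.SectionInformation.UnprotectSection();
        config.Save();
    }

    #endregion

    #region Helpers

    /// <summary>
    /// Opens the configuration file at <paramref name="configPath"/> as an
    /// application-level (ConfigurationUserLevel.None) configuration.
    /// </summary>
    private static Configuration OpenConfiguration(string configPath)
    {
        if (string.IsNullOrEmpty(configPath))
        {
            throw new System.ArgumentException("A configuration file path is required.", "configPath");
        }

        ExeConfigurationFileMap fileMap = new ExeConfigurationFileMap();
        fileMap.ExeConfigFilename = configPath;

        return ConfigurationManager.OpenMappedExeConfiguration(fileMap, ConfigurationUserLevel.None);
    }

    /// <summary>
    /// Returns the named section, failing with a descriptive error instead of
    /// a NullReferenceException when GetSection finds nothing.
    /// </summary>
    private static ConfigurationSection GetRequiredSection(Configuration config, string sectionName, string configPath)
    {
        if (string.IsNullOrEmpty(sectionName))
        {
            throw new System.ArgumentException("A section name is required.", "sectionName");
        }

        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
        {
            // GetSection returns null for an unknown section; a wrong path or
            // a misspelled section name both end up here.
            throw new ConfigurationErrorsException(
                "Section '" + sectionName + "' was not found in '" + configPath + "'.");
        }

        return section;
    }

    #endregion
}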
