Encrypting Password Information in Web.config

To encrypt Web.config’s appsettings section, including the database password:

1. Back up the unencrypted Web.config to another location, since the encrypted file will only work on the current machine.

2. Go to the directory containing Web.config (the environment’s TIWeb directory).

3. As Administrator, execute this at the command line:

   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pef "appSettings".

   The period at the end is part of the command.

   Look for this message:

   Encrypting configuration section... Succeeded!

   The appsettings section should now be encrypted.

4. Give ASPNET user access:

   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"

   Look for this message:

   Adding ACL for access to the RSA Key container... Succeeded!

To unencrypt:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pdf "appSettings"