views:

58

answers:

3

My aim is to make the web.config not readable by external users, but my application should be able to access it. Is there any way to do this?

I have tried the following way, but how to set the application to use string instead of web.config?

I want to encrypt my web.config file so that others do not open the file using any editor like notepad. But my application should be able to use the same web.config file. I could encrypt the web.config file and decrypt it inside the application and I saved the entire web.config to a string file. Now I want to use this string variable instead of web.config(now in encrypted form, which cannot be accessed by the application).

+4  A: 

There's an inbuilt mechanism for doing this, please see the tutorial:

http://weblogs.asp.net/scottgu/archive/2006/01/09/434893.aspx

Paddy
+1  A: 

Why not just encrypt the string variable and store it int he AppSettings section of the web config? I see no reason to encrypt the entire web.config file.

dcp
A: 

Use the Aspnet_regiis.exe utility to do this.

Chathuranga Chandrasekara