protect (encrypt) password in the web.config file (asp.net)

Question

 <system.net>
  <mailSettings>
   <smtp from="[email protected]" deliveryMethod="Network">
    <network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" [email protected] " password="password" enableSsl="true" />
   </smtp>
  </mailSettings>
 </system.net>

This is the case where I need encryption for my password. I searched and googled much on the web but I can’t be able to encrypt anymore.

Can anyone help me do this in a simple but secure way.

Answer 1

I wrote an article about that on my blog: http://pvlerick.github.io/2009/03/encrypt-appconfig-section-using-powershell-as-a-post-build-event

My idea was that you want the password to be clear in the IDE, but encrypted in the output folder's web.config/app.config.

The script is

param(
  [String] $appPath = $(throw "Application exe file path is mandatory"),
  [String] $sectionName = $(throw "Configuration section is mandatory"),
  [String] $dataProtectionProvider = "DataProtectionConfigurationProvider"
)

#The System.Configuration assembly must be loaded
$configurationAssembly = "System.Configuration, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a"
[void] [Reflection.Assembly]::Load($configurationAssembly)

Write-Host "Encrypting configuration section..."

$configuration = [System.Configuration.ConfigurationManager]::OpenExeConfiguration($appPath)
$section = $configuration.GetSection($sectionName)

if (-not $section.SectionInformation.IsProtected)
{
  $section.SectionInformation.ProtectSection($dataProtectionProvider);
  $section.SectionInformation.ForceSave = [System.Boolean]::True;
  $configuration.Save([System.Configuration.ConfigurationSaveMode]::Modified);
}

Write-Host "Succeeded!"

The post-build command is

powershell "& ""C:Documents and SettingsVlericPMy DocumentsWindowsPowerShellEncryptAppConfigSection.ps1""" '$(TargetPath)' 'connectionStrings'