How To: Encrypt the Web.config Without Running Configuration Wizard

How To: Encrypting the Web.config Without Running Configuration Wizard

Applies To: All versions of AspDotNetStorefront

So, we have all had the need to encrypt the web.config after uploading changes, but cannot run the Configuration Wizard, because it invariably resets something we had not intended.  Well, for those of you having RDP or Command Line access to your servers, you can do this manually!

  1. Login to your server
  2. c:\WINDOWS\Microsoft.NET]Framework\v2.0.50727 > aspnet_regiis -pef "appSettings" "c:\inetpub\wwwroot\{location of your web}" -prov "DataProtectionConfigurationProvider"
    1. It's helpful to know here that the DataProtectionConfigurationProvider must be added, as this is the encryption / decryption provider used by AspDotNetStorefront.  If you use another style, your web application will not be able to read your settings, and this, as you might guess, is very bad news.
    2. It's also worth noting that should you ever need to decrypt, use -pdf in place of -pef to decrypt, removing the provider switch.
  3. Reset your admin cache and your web.config warning is gone.

Add Feedback