I want to encrypt the connection string in my web config file. I have encrypted the connection string successfully on my local machine. I am able to retrieve data using the encrypted connection string. However, when I push my code to the website I get an exception. The exception happens because the encryption was created by one user and the decryption is attempted by another user. My local web site is file based not iis based and when I try the recomendations mentioned in the sample documentation the encryption does not work because my site is not iis based. The code I tried is shown below. aspnet_regiis.exe -pe "connectionStrings" -site "Default Web Site" -app "/WebSite1" I am getting this error because my site is file based and not iis based but I do not know what to do. Any help would be greatly appreciated. I do not understand. I have several questions: What is the reason encryption is suggested? Can anyone read the web.config file? Wat is the security risk of plain text in the web.config?
1) Have you followed the steps in the KB article? It didn't sound like you sent us encryption key to install. What is the reason encryption is suggested? We are neutral about whether customer should encrypt their connection string. It really depends on your security requirement. 2. Can anyone read the web.config file? customers on the same server cannot access your web.config. People with your FTP login can download and view the web.config. 3. Wat is the security risk of plain text in the web.config? Your database credential can be stolen.
