How to encrypt one entry in web.config
Solution 1:
You could put the password into a separate section and encrypt this section only. For example:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<appSettings>
<add key="Host" value="www.foo.com" />
<add key="Token" value="qwerqwre" />
<add key="AccountId" value="123" />
<add key="DepartmentId" value="456" />
<add key="SessionEmail" value="[email protected]" />
<add key="DefaultFolder" value="789" />
</appSettings>
<secureAppSettings>
<add key="Password" value="asdfasdf" />
</secureAppSettings>
</configuration>
and then (note that I am using DPAPI in my example so adapt the provider for RSA):
aspnet_regiis -pef secureAppSettings . -prov DataProtectionConfigurationProvider
Once encrypted the file will look like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="secureAppSettings" type="System.Configuration.NameValueSectionHandler, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<appSettings>
<add key="Host" value="www.foo.com" />
<add key="Token" value="qwerqwre" />
<add key="AccountId" value="123" />
<add key="DepartmentId" value="456" />
<add key="SessionEmail" value="[email protected]" />
<add key="DefaultFolder" value="789" />
</appSettings>
<secureAppSettings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMnd.......</CipherValue>
</CipherData>
</EncryptedData>
</secureAppSettings>
</configuration>
The way you would access those settings in your application once the file is encrypted is still the same and completely transparent:
var host = ConfigurationManager.AppSettings["Host"];
var password = ConfigurationManager.AppSettings["Password"];
Solution 2:
In c# and .Net 4.5 I had to use this to read the encrypted setting:
string password = ((System.Collections.Specialized.NameValueCollection)ConfigurationManager.GetSection("secureAppSettings"))["Password"];
but otherwise works a treat.
Solution 3:
You can't encrypt a single entry - the infrastructure only allows for encryption of whole config sections.
One option is to place the entry in its own config section and encrypt that.