MSDN Archive Home
Help and FAQs
Pkcs12 Protected Configuration Provider
All Resource Updates
Change History (all pages)
One of the primary places that sensitive information is stored in an ASP.NET application is the Web.config file. To help secure information in configuration files, ASP.NET provides a feature called protected configuration, which enables you to encrypt sensitive information in a configuration file. The recommended approach is to use either of the protected configuration providers included in the .NET Framework (DpapiProtectedConfigurationProvider or the RsaProtectedConfigurationProvider ).
Unfortunately, these two protected configuration providers do not work as such on Windows Azure. To use the RsaProtectedConfigurationProvider in a web farm scenario, requires transferring an RSA key pair in an XML file to each of the servers in the web farm and then importing the key to a key container. This XML file is supposed to be removed from the servers after importing the key . On Windows Azure, since the account running the Web role doesn’t have permissions to delete files in the web root, it is not possible to remove this XML file.
This code sample is a custom protected configuration provider  that can be used to encrypt configuration settings in a Web.config file deployed on Windows Azure. The Personal Information Exchange format (PFX, also called PKCS #12) enables transfer of certificates and their corresponding private keys from one computer to another. This custom protected configuration provider is similar to the RsaProtectedConfigurationProvider. The difference being that instead of transferring the RSA key pair in an XML file, it relies on this transfer to occur using a certificate in .pfx format (using the Windows Azure Certificate Store ).
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using Pkcs12ProtectedConfigurationProvider
 Encrypting Configuration Information Using Protected Configuration
 How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
 Implementing a Protected Configuration Provider
 Importing and exporting certificates
 Working with the Windows Azure Certificate Store
Aug 16 2010 at 10:22 AM
, version 16
Aug 18 2010 at 11:06 PM
This sample represents the best practice for securing sensitive configuration settings such as SQL Azure connection strings, WAS access keys, etc. This sample is a MUST for securing any Windows Azure application.
Aug 26 2010 at 7:54 PM
Very good work Varun!
Feb 27 2011 at 5:24 PM
Hi, I am unable to encrypt the web.config. It is giving me following msg in VS command prompt
"Encrypting configuration section...
The protection provider 'CustomProvider' was not found.
Unable to understand why it doesnt find the CustomProvider. Also on adding thumbprint in the web.config for the CustomProvider , the intellisense doesn't recognize the attribute . Is it OK ?
Sign in to add a comment
Pkcs12 Protected Confi...
Thu Aug 19 2010 at 7:00 AM
More Tags ...
Visual Studio 2005
Visual Studio 2008
Visual Studio 2010
Manage Your Profile
MSDN Flash Newsletter
© 2008 Microsoft Corporation. All rights reserved.