Configure encryption of the web.config file of the Web Portal

The web.config file of the Web Portal contains information about the settings it uses. For security purposes, you can encrypt the web.config file, to protect confidential data from malicious acts. The encrypted config file can still be read by IIS.

You can encrypt the config file with a standard ASP.NET tool. The commands below are based on a standard installation of Web Portal (so, no changes have been made to the IIS configuration).

To encrypt the web.config file, use the following command in the ASP.NET tool:

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis –pe "appSettings" –app "/" –site "IT Store"

In addition, you also need to encrypt the machine key that is used to encrypt the web.config file:

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis –pe "system.web/machineKey" –app "/" –site "IT Store"

To decrypt the web.config file and the machine key, use the following commands:

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis –pd "appSettings" –app "/" –site "IT Store"
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis –pd "system.web/machineKey" –app "/" –site "IT Store"


Before you upgrade the Web Portal to a new version, you need to decrypt the web.config file first to enable the setup to read the file.

See also