Jump to content

Encrypting and Decrypting the Web.config file


Recommended Posts

This forum post will show you how to encrypt and decrypt your web.config file.


A standard web.config file will be in clear text, and two important parts of this file are the "Connection String" section, and the "AppSettings" section.  The Connection String section holds the credentials that your Passwordstate website uses to connect to your database.  So it will contain the Server name, the Database name and database instance if it is applicable, and the SQL username and password.


The AppSettings section contains the:

  • Web Server Guid, which is a unique value based on your web server name
  • Two Secret Keys which are used to protect your website from being accessed if your database is stolen
  • The Set up Stage of your install
  • The Passive Node status of your website.


A clear text web.config file looks like this:



An encrypted web.config file looks like this:



As you can see, the encrypted web.config file is not readable, and this can protect your information in the event your web server has been compromised.


Encrypting your web.config file can be executed by the following process Section 7 & 8 of this Install Document:  https://www.clickstudios.com.au/downloads/version9/Installation_Instructions.pdf


Decrypting the web.config file must be carried out on the same server where it was encrypted, otherwise this process will not work.  This is part of the security and is built in to the operating system.  If you are migrating your Passwordstate website to a new server, it must be decrypted first on the old server, otherwise your website will not load. To decrypt your web.config file, please follow Sections 7 & 8 in the same document:  https://www.clickstudios.com.au/downloads/version9/Installation_Instructions.pdf


If you have any more questions about this, please contact Click Studios support via email, and we'll help in any way we can.





Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...