Jump to content
Sign in to follow this  

Encrypting and Decrypting the Web.config file

Recommended Posts

This forum post will show you how to encrypt and decrypt your web.config file.


A standard web.config file will be in clear text, and two important parts of this file are the "Connection String" section, and the "AppSettings" section.  The Connection String section holds the credentials that your Passwordstate website uses to connect to your database.  So it will contain the Server name, the Database name and database instance if it is applicable, and the SQL username and password.


The AppSettings section contains the:

  • Web Server Guid, which is a unique value based on your web server name
  • Two Secret Keys which are used to protect your website from being accessed if your database is stolen
  • The Set up Stage of your install
  • The Passive Node status of your website.


A clear text web.config file looks like this:



An encrypted web.config file looks like this:



As you can see, the encrypted web.config file is not readable, and this can protect your information in the event your web server has been compromised.


Encrypting your web.config file can be executed by the following process Section 10 of this Install Document:  https://www.clickstudios.com.au/downloads/version8/Installation_Instructions.pdf


Decrypting the web.config file must be carried out on the same server where it was encrypted, otherwise this process will not work.  This is part of the security and is built in to the operating system.  If you are migrating your Passwordstate website to a new server, it must be decrypted first on the old server, otherwise your website will not load. To decrypt your web.config file, please follow Section 11 in the same document:  https://www.clickstudios.com.au/downloads/version8/Installation_Instructions.pdf


If you have any more questions about this, please contact Click Studios support via email, and we'll help in any way we can.





Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...