The connection string within the web.config file contains sensitive information and you may not want to disclose this information to users where WealthWorks+ is installed. If WealthWorks+ is installed in a shared or hosted environment, it is possible to encrypt the connection string.
ASP.NET 4.0 provides functionality to encrypt some sections of web.config file. Locate the Framework folder in the IIS server. For example, C:\Windows\Microsoft.NET\Framework64\v4.0.xxxxx.
The tool (aspnet_regiis.exe) is typically found in the .NET Framework directory in C:\Windows\Microsoft.NET\Framework64\v4.0.xxxxx\aspnet_regiis.exe for 64-bit.
To encrypt the connection string sections of the web.config file, follow these steps:
- Run the Command Prompt, as Administrator) and navigate to the folder: %windir%\Microsoft.NET\Framework64\v4.0.30319 and then type the following command:
aspnet_regiis.exe -pef “connectionStrings” "c:\inetpub\wwwroot\WealthWorksPlus"
The second argument is the name of configuration section that needs to be encrypted.
The third argument indicates the folder in which the WealthWorks+ application is installed. - You should receive a message as follows: “Encrypting configuration section…Succeeded!”
Opening your WealthWorks+ web.config file using Notepad will verify that the connection string is now encrypted.
WealthWorks+ and the .NET framework will decrypt this connection string automatically.
Decrypting
To decrypt the configuration section in web.config file use the following command:
- aspnet_regiis.exe -pdf “connectionStrings” "c:\inetpub\wwwroot\WealthWorksPlus"