Encrypting the Web.config in VB

I got a request for how to do the encryption of the web.config but this time in VB, so I thought I'd post it here on the blog as well. The logic is about the same, although I found that in VB I had to add a line to the configuration to save the new settings.  The code for this in vb.net (adding to the global.asax file in the "Session_Start" subroutine:

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)

    ' Code that runs when a new session is started

    EncryptSection("appSettings")

End Sub

Private Sub EncryptSection(ByVal sSection As String)

    Dim config As Configuration = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(Context.Request.ApplicationPath)

    Dim configSection As ConfigurationSection = config.GetSection(sSection)

    If configSection.SectionInformation.IsProtected = False Then

        configSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")

        config.Save()

    End If

End Sub

Comments

• Anonymous
  April 16, 2008
  PingBack from http://microsoftnews.askpcdoc.com/?p=2856
• Anonymous
  April 16, 2008
  I still don't understand though why you're doing it in Session_Start rather than Application_Start (see comment to previous entry) - I know it's easier for testing (always a consideration with this sort of thing because of all the fun with file permissions), but in production would you really want to be performing that test every time a new Session starts?
• Anonymous
  May 06, 2008
  You could do it either way. If you were to do the encryption in Application_Start then you need to cycle the web site. Session_start ensures that the data is protected every time a new session runs.Mike