Encrypt And Decrypt A Sitecore ConnectionStrings.Config File

Encrypting a .Net application's web.config file is easy enough. However, Sitecore is NOT a fan of you messing with the web.config. This is even part of the reason the connection strings are stored in a separate file in Sitecore. I’ll go through a quick method for encrypting that separate Sitecore file.

  • Ensure you have .Net framework installed where you are going to perform the encryption (my examples are 4.0, you can use 2.0 if need be)
  • !!!IMPORTANT!!! Make a backup of your Sitecore ConnectionStrings.config file
  • On the machine where the .Net framework is installed, create a folder on C: to hold your encrypt/decrypt batch files (the example uses C:\decrypter)
  • Open Notepad and create a batch file (encrypt.bat) containing the following encryption statement, then save it to the folder you just created
echo Encrypting app_config/connectionstrings.config
 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "C:\decrypter"
 Pause
  • Repeat this step for the decryption statement (decrypt.bat)
echo Decrypting app_config/connectionstrings.config
 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "C:\decrypter"
 Pause
  • Create a blank web.config (THIS IS YOUR WEB.CONFIG YOU MADE AND NOT THE SITECORE WEB.CONFIG!!!), wrap your Sitecore connection strings (from ConnectionStrings.config) inside it, and save it to the folder you created. It should look something like:
<?xml version="1.0" encoding="utf-8"?>
 <configuration>
 <connectionStrings>
 <add name="core" connectionString="user id=sitecoreuser;password=sitecorepw;Data Source=servernameorip;Database=Sitecore_Core" />
 <add name="master" connectionString="user id=sitecoreuser;password=sitecorepw;Data Source=servernameorip;Database=Sitecore_Master" />
 <add name="web" connectionString="user id=sitecoresql;password=sitecorepw;Data Source=servernameorip;Database=Sitecore_Web" />
 <add name="reporting" connectionString="user id=sitecoresql;password=sitecorepw;Data Source=servernameorip;Database=Sitecore_Analytics" />
 </connectionStrings>
 </configuration>
  • Once you have both batch files and the web.config, run the encrypt batch file as an administrator. It will look something like this:

[Image: encrypt]

  • You’ll now have a web.config in your folder similar to this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>(you'll have a long cipher here)</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>(you'll have a long cipher here)</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
  • Once completed, take the encrypted connectionStrings section from that web.config and replace the contents of your ConnectionStrings.config file with it (run Notepad in admin mode if your Sitecore is in the web root).
  • Recycle the app pool to refresh. You should now be encrypted!
  • If this fails for you at some point then replace your Sitecore connectionStrings.config file with the backup you took at the start.
  • And yes, to decrypt (to update your strings), put your encrypted connectionStrings section in your web.config (THIS IS YOUR WEB.CONFIG YOU MADE AND NOT THE SITECORE WEB.CONFIG!!!) in the Windows folder you made and run decrypt.bat as an admin. You should get:

[Image: decrypt]
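
The encryption steps above as one script (an added example, not part of the original post): it backs up the file, wraps the section in a scratch web.config, runs the same aspnet_regiis command as encrypt.bat, and overwrites the live file only after confirming the result is actually encrypted. The Sitecore path and app pool name are hypothetical defaults. It assumes an elevated PowerShell session on the Sitecore server itself, because the default RSA key container used by aspnet_regiis is local to the machine that performs the encryption.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the manual steps above. Use absolute paths; defaults marked hypothetical are assumptions.
param(
    [string]$SitecoreConfig = 'C:\inetpub\wwwroot\Sitecore\Website\App_Config\ConnectionStrings.config', # hypothetical path
    [string]$WorkDir = 'C:\decrypter',
    [string]$RegIis  = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe',
    [string]$AppPool = 'Sitecore' # hypothetical app pool name
)
$ErrorActionPreference = 'Stop'
$scratch = Join-Path $WorkDir 'web.config'

# Load the Sitecore file and refuse to run on anything unexpected.
$src = New-Object System.Xml.XmlDocument
$src.Load($SitecoreConfig)
if ($src.DocumentElement.LocalName -ne 'connectionStrings') { throw 'Root element is not <connectionStrings>.' }
if ($src.DocumentElement.HasAttribute('configProtectionProvider')) { throw 'File is already encrypted.' }

# Back up first. This copy holds plaintext credentials, so it goes to the work folder, not the web root.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Copy-Item $SitecoreConfig (Join-Path $WorkDir 'ConnectionStrings.config.bak') -Force

# Wrap the section in a scratch web.config (never the Sitecore web.config).
$wrap = New-Object System.Xml.XmlDocument
$wrap.LoadXml('<?xml version="1.0" encoding="utf-8"?><configuration />')
[void]$wrap.DocumentElement.AppendChild($wrap.ImportNode($src.DocumentElement, $true))
$wrap.Save($scratch)

# Same command as encrypt.bat.
& $RegIis -pef 'connectionStrings' $WorkDir
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis exited with code $LASTEXITCODE." }

# Confirm the section really is encrypted before touching the live file.
$enc = New-Object System.Xml.XmlDocument
$enc.PreserveWhitespace = $true
$enc.Load($scratch)
$section = $enc.SelectSingleNode('/configuration/connectionStrings')
if ($null -eq $section -or -not $section.HasAttribute('configProtectionProvider')) { throw 'Section was not encrypted; live file left untouched.' }
if ($section.SelectNodes('*[local-name()="add"]').Count -gt 0) { throw 'Plaintext <add> entries remain; live file left untouched.' }

# Replace the live file with the encrypted section, then clean up and recycle.
$xml = '<?xml version="1.0" encoding="utf-8"?>' + "`r`n" + $section.OuterXml
[System.IO.File]::WriteAllText($SitecoreConfig, $xml, (New-Object System.Text.UTF8Encoding($false)))
Remove-Item $scratch -Force
Import-Module WebAdministration
Restart-WebAppPool -Name $AppPool
```

If the site fails to start after the recycle, copy ConnectionStrings.config.bak from the work folder back over ConnectionStrings.config, as in the manual steps. Once the site is confirmed working, move that plaintext backup to secure storage or delete it.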

Again, I hope this helps someone. Questions and comments are always welcome! And for the sake of hoping I catch the skimmers here, DO NOT MODIFY THE SITECORE WEB.CONFIG. DO THIS ON THE CONNECTIONSTRINGS.CONFIG! You have been warned…