It has already been discussed how encrypt Web.config , has also been discussed as use encrypted Web.config , however my doubts are as follows:
If you are using the default provider Rsa Protected Provider to perform encryption, and if you want to read the contents of web.config on another computer, you need to export the server key where you encrypted and import to the machine you want to undo the process.
So far so good, though:
- Any machine that is to run my application, I need to be doing the import, this leaves us a breach, for the simple fact of having the key anyone can decrypt.
I would like to understand, or if possible a direction, how to leave this key only on my server, for example, when I run the application, it requests for the server and it returns the ConnectingString .
Or another method to protect ConnectingString that does not rely on importing or exporting the key.