Platform Administration and Architecture

Protect the connection string passwords from unauthorized access

Abstract

How to use the ASP.NET IIS regstration tool to encrypt sensitive Sitecore passwords from unauthorized access.

Applies to

All Core roles and XP Service roles except xConnect Search Indexer, Sitecore Cortex™ Blob Storage service, and Sitecore Cortex™ Table Storage service.

Sitecore stores passwords in the App_Config\ConnectionStrings.config file. We recommend that you encrypt this file to prevent the passwords from being exposed if the file is accessed without authorization.

To protect connection string passwords:

  1. Locate the ASP.NET IIS registration tool (aspnet_regiis) by executing the following PowerShell command:

    Get-ChildItem C:\Windows\Microsoft.net\ -Recurse aspnet_regiis.exe | select FullName

    The command probably finds several versions of the tool. You must select the latest version:

    FullName
    --------
    C:\Windows\Microsoft.net\Framework\v2.0.50727\aspnet_regiis.exe
    C:\Windows\Microsoft.net\Framework\v4.0.30319\aspnet_regiis.exe
    C:\Windows\Microsoft.net\Framework64\v2.0.50727\aspnet_regiis.exe
    C:\Windows\Microsoft.net\Framework64\v4.0.30319\aspnet_regiis.exe
  2. Use the aspnet_regiis tool with the -pef option to encrypt the connection strings:

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pef "connectionStrings" "C:\inetpub\wwwroot\YOUR_WEBSITE_FOLDER"

    Important

    Do not end the path to your website folder with a backslash (for example, C:\inetpub\wwwroot\YOUR_WEBSITE_FOLDER\) because this makes the aspnet_regiis tool fail.

If you want to decrypt the passwords, you can repeat the PowerShell command with the -pef option changed to -pdf:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pdf "connectionStrings" "C:\inetpub\wwwroot\YOUR_WEBSITE_FOLDER"

You must separately encrypt the connectionStrings.config file on each computer that you install Sitecore on. For more information on the aspnet_regiis tool, see Microsoft documentation on the ASP.NET IIS Registration Tool.