1. Run the ASP.NET IIS registration tool (aspnet_regiis.exe). The following example shows how to encrypt the connectionStrings section of the Web.config file for an application named SampleApplication:
aspnet_regiis -pe “connectionStrings” -app “/SampleApplication”
2. Determine the user account or identity under which ASP.NET runs by retrieving the current WindowsIdentity name:
<%@ Page Language=”C#” %>
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
%>
3. Grant the NETWORK SERVICE account access to the machine-level “NetFrameworkConfigurationKey” RSA key container:
aspnet_regiis -pa “NetFrameworkConfigurationKey” “NT AUTHORITY\NETWORK SERVICE”
4. Decrypt the connectionStrings element of ASP.NET application SampleApplication:
aspnet_regiis -pd “connectionStrings” -app “/SampleApplication”
You should take in mind that by default:
- on Windows Server 2008, the identity under which the application runs is the APPLICATION POOL account.
- on Windows Server 2003, the identity under which the application runs is the NETWORK SERVICE account.
- On other versions of Windows, ASP.NET runs under the local ASPNET account.