Thread: encrypt web.config in Web Farm

Does ASPDNSF encrypt the web.config file using aspnet_regiis RAS?

The reason I ask is that we are going to deploy the storefront in a Web Farm environment and the file will get sync-ed between servers within the farm. Therefore I want to make sure the file encrypted at the server 1 can be correctly decrypted at the server 2.

Excellent question. By default, the web.config file uses the private key on each server to encrypt the web.config file. If you are replicating the web.config, then you are going to run into an issue since a file encrypted on one machine cannot be decrypted on another (since each machine has a different private key). This is by design, since in theory, if they were encrypted using some other method (say, the machine key in the web.config file) anyone who had access to that file could decrypt it just as easily, defeating the purpose of the encryption. There are two options... You can use user-level keys to perform the encryption, and ensure each server has access to those keys (see here: http://msdn.microsoft.com/en-us/libr...t2(VS.80).aspx), or you can PREVENT the web.config from replicating specifically, and encrypt it seperately on each server by hitting the admin site on each server directly using its private IP.