1. Run the ASP.NET IIS registration tool (aspnet_regiis.exe). The following example shows how to encrypt the connectionStrings section of the Web.config file for an application named SampleApplication:

C# 8.0 and .NET Core 3.0 – Modern Cross-Platform Development: Build applications with C#, .NET Core, Entity Framework Core, ASP.NET Core, and ML.NET using Visual Studio Code, 4th Edition
ASP.NET Core 3 and Angular 9: Full stack web development with .NET Core 3.1 and Angular 9, 3rd Edition
C# in Depth, 4th Edition

aspnet_regiis -pe “connectionStrings” -app “/SampleApplication”

2. Determine the user account or identity under which ASP.NET runs by retrieving the current WindowsIdentity name:

<%@ Page Language=”C#” %>

3. Grant the NETWORK SERVICE account access to the machine-level “NetFrameworkConfigurationKey” RSA key container:

aspnet_regiis -pa “NetFrameworkConfigurationKey” “NT AUTHORITY\NETWORK SERVICE”

4. Decrypt the connectionStrings element of ASP.NET application SampleApplication:

aspnet_regiis -pd “connectionStrings” -app “/SampleApplication”

You should take in mind that by default:

  • on Windows Server 2008, the identity under which the application runs is the APPLICATION POOL account.
  • on Windows Server 2003, the identity under which the application runs is the NETWORK SERVICE account.
  • On other versions of Windows, ASP.NET runs under the local ASPNET account.