
AVEVA™ OSM Administration

How to encrypt credentials in web.config files

  • Last Updated Apr 07, 2025
  • 3 minute read

This article describes how to encrypt credential information in web.config files using aspnet_regiis.exe.

About

While a web.config file is the preferred place to store basic configuration settings, it can also hold sensitive settings such as database connection strings and service credentials. These are usually stored in plain text, which can expose them to malicious users.

The encryption provider is a library that can encrypt sensitive data, whether from code or through declarative configuration.

Steps to encrypt .config files on the application server where OSM is installed

Part 1. Add commenting

Open and modify all the affected .config files. You will need to open each .config file in the subfolders of the OSM application folder and comment out one particular line in each config file.

  1. Go to the directory where the OSM application is installed. During installation, this folder was specified as Folder to install the application on the Server (root folder).

    Example

    C:\OSM\Sites\Production

  2. Open each Web.config file.

    A Web.config file will be present in many locations, including:

    Folder location                                    File name
    \OSMAppFolder\DataServices\API                     Web.config
    \OSMAppFolder\DataServices\BLL                     Web.config
    \OSMAppFolder\DataServices\CowIntegrationService   Web.config
    \OSMAppFolder\DataServices\DAL                     Web.config
    \OSMAppFolder\Web                                  Web.config

  3. Search to find the line starting with <section name="adminSettings". The line might contain different values in different versions.

    Example

    <section name="adminSettings" type="COW.Config.CustomConfigurationSection" requirePermission="false" />

  4. Comment out this line by adding commenting characters at each end of the line.

    <!-- <section name="adminSettings" type="COW.Config.CustomConfigurationSection" requirePermission="false" /> -->

  5. Save each file.

Part 2. Run encrypter for adminSettings sections

After commenting out that line, you will run the encrypter on each config file.

  1. On the same application server where OSM is installed, launch the command prompt in administrator mode.

  2. Change the directory to the Windows\Microsoft.NET directory that contains the latest version of Framework for your Windows operating system. This could be Framework64 or Framework32.

    Example

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\

  3. At the command prompt, run the aspnet_regiis.exe command on each .config file.

    The aspnet_regiis.exe encrypter will perform encryption on the adminSettings portion of any .config file in the specified folder location.

    Syntax: aspnet_regiis.exe -pef adminSettings <path to the folder that contains the .config file>

    For example

    aspnet_regiis.exe -pef adminSettings C:\OSM\Sites\Production\DataServices\API

    After running the encrypter, if successful, the admin settings in each .config file will be encrypted.

  4. If not successful, try again.

Part 3. Run encrypter for connectionStrings sections

Next, you will run the encrypter again, this time for the connectionStrings section, on all .config files except \OSMAppFolder\Web\Web.config.

  1. At the command prompt, run the aspnet_regiis.exe command on each .config file.

    This time, the aspnet_regiis.exe encrypter will perform encryption on the connectionStrings portion of any .config file in the specified folder location.

    Syntax: aspnet_regiis.exe -pef connectionStrings <path to the folder that contains the .config file>

    For example

    aspnet_regiis.exe -pef connectionStrings C:\OSM\Sites\Production\DataServices\API

    After running the encrypter, if successful, the connection strings in each .config file will be encrypted.

  2. If not successful, try again.

Part 4. Remove commenting

Remove the commenting characters in each .config file. Be sure to remove both the start comment and end comment characters, or the config file will produce an error.

Part 5. Delete extra unneeded config files

For security reasons, you should delete the following config files, which have not been encrypted, because they will still contain readable credential and connection information.

These .config files are not needed.

\OSMAppFolder\DataServices\API\bin\API.dll.config

\OSMAppFolder\DataServices\API\bin\CommonModel.dll.config

\OSMAppFolder\DataServices\API\bin\COW.Shared.dll.config

\OSMAppFolder\DataServices\BLL\bin\COW.BLL.dll.config

\OSMAppFolder\DataServices\CowIntegrationService\Web.Debug.config

\OSMAppFolder\DataServices\CowIntegrationService\Web.Release.config

\OSMAppFolder\DataServices\CowIntegrationService\bin\CowIntegrationService.dll.config

\OSMAppFolder\DataServices\DAL\bin\COW.DAL.dll.config

\OSMAppFolder\Web\bin\AvevaApp.dll.config

\OSMAppFolder\Web\bin\COW.Shared.dll.config
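
A read-only check of the outcome of Parts 2 to 5, added here as an example and not part of AVEVA's documentation or tooling. It assumes the example root folder C:\OSM\Sites\Production from this page and the standard result of aspnet_regiis -pef (a configProtectionProvider attribute plus an EncryptedData element on the section); the function names are illustrative.

```powershell
# Added example, not AVEVA code. Read-only: lists *.config files under the OSM
# root whose adminSettings / connectionStrings sections are still readable.
param([string]$Root = 'C:\OSM\Sites\Production')   # example root folder from this page

$Root     = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
$sections = 'adminSettings', 'connectionStrings'
# Part 3 leaves connectionStrings in \Web\Web.config alone, so it is not flagged.
$excluded = @{ (Join-Path $Root 'Web\Web.config') = 'connectionStrings' }

function Get-SectionState {
    param([xml]$Doc, [string]$Name)
    # local-name() matches regardless of any default XML namespace.
    $node = $Doc.SelectSingleNode("/*[local-name()='configuration']/*[local-name()='$Name']")
    if ($null -eq $node) { return 'absent' }
    # aspnet_regiis -pef replaces the section body with <EncryptedData> and names
    # the provider in a configProtectionProvider attribute on the section element.
    $provider = $node.GetAttribute('configProtectionProvider')
    $cipher   = $node.SelectSingleNode("*[local-name()='EncryptedData']")
    if ($provider -and $null -ne $cipher) { return 'encrypted' }
    if (-not $node.HasAttributes -and $null -eq $node.SelectSingleNode('*')) { return 'empty' }
    return 'PLAINTEXT'
}

function Test-AdminSettingsDeclared {
    param([xml]$Doc)
    # A declaration that is still inside <!-- --> is a comment node and does not match.
    $null -ne $Doc.SelectSingleNode("//*[local-name()='section'][@name='adminSettings']")
}

$report = foreach ($file in Get-ChildItem -Path $Root -Recurse -Filter '*.config' -File) {
    try { $doc = [xml](Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop) }
    catch {
        [pscustomobject]@{ File = $file.FullName; Section = '-'; State = 'UNPARSEABLE' }
        continue
    }
    foreach ($name in $sections) {
        if ($excluded[$file.FullName] -eq $name) { continue }
        $state = Get-SectionState $doc $name
        # Part 4 check: the section is present but its declaration is still commented out.
        if ($name -eq 'adminSettings' -and $state -ne 'absent' -and -not (Test-AdminSettingsDeclared $doc)) {
            $state += ' + declaration commented out'
        }
        [pscustomobject]@{ File = $file.FullName; Section = $name; State = $state }
    }
}

# Anything listed here is a file to encrypt (Parts 2-3), uncomment (Part 4) or delete (Part 5).
$report | Where-Object { $_.State -notin 'absent', 'empty', 'encrypted' } | Format-Table -AutoSize -Wrap
```

An empty table means no .config file under the root exposes either section in plain text; rerun it after any upgrade or redeployment that rewrites the config files.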
