/congrats brianjo!
When I first heard the job title, "Enthusiast Evangelist", only one name came to mind. Fortunately, Brian (Mr. Gadget when I worked with him, and co-author of "Xbox 360 for Dummies" and "Zune for Dummies") got the job.
Congratulations, Brian! Remember where to throw your castoffs!
Securing Web.config
One worry that many have is the information in the web.config file, especially items you might have in your appSettings and/or connectionString sections. It might be older news to some, but you can lock down sections to feel a little safer. (I knew there was something there, but I hadn't researched the code until last week, so it was new for me)
Locking a section:
Configuration config = WebConfigurationManager.OpenWebConfiguration("/");
ConfigurationSection sect = config.GetSection("appSettings");
if (!sect.SectionInformation.IsProtected) {
sect.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
config.Save();
}
Unlocking a section:
Configuration config = WebConfigurationManager.OpenWebConfiguration("/");ConfigurationSection sect = config.GetSection("appSettings");if (sect.SectionInformation.IsProtected) { sect.SectionInformation.UnprotectSection(); config.Save();}
The appSettings section is then encrypted with...