Encrypting your web.config

The Problem: We have a website which sends out automatic email notifications upon ordering an item. The problem is that the emails suddenly stopped.

The Technologies: We are using Commerce 4 Umbraco as our Ecommerce system. We use Office 365 for our stmp email which Umbraco is configured to use.

 The Cause: We were using a non-primary account which counted as a separate account (noreply@website.com). When we transitioned over to Office 365 we were given 15 accounts to use, but the 15 accounts given expired leaving us only 1 account for emailing. This mean the non-primary noreply account was prevented from authenticating.

The Fix: Running the web under the main account credentials. The problem with this was that we would have to put a plaintext password in the web.config and that is a major security risk. The way to fix this was encrypt the web.config. It is an extremely simple process and is smart to do for all of your production websites.

TO ENCRYPT:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef system.net/mailSettings/smtp c:\web\YOUR_WEBSITE_DIRECTORY

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef appSettings c:\web\ YOUR_WEBSITE_DIRECTORY

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef connectionStrings c:\web\ YOUR_WEBSITE_DIRECTORY

TO DECRYPT:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf system.net/mailSettings/smtp c:\web\ YOUR_WEBSITE_DIRECTORY

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf appSettings c:\web\ YOUR_WEBSITE_DIRECTORY

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf connectionStrings c:\web\ YOUR_WEBSITE_DIRECTORY

Running those commands will encrypt and decrypt the smtp, appSettings and connectionString adding another level of security to your website.