The most sensitive information stored in web.config file can be the connection string. You do not want to disclose the information related to your database to all the users where the application is deployed. Every time it is not possible to have a private machine for your sites, you may need to deploy the site in shared host environment. To encrypt the connection string in above situation is advisable.
ASP.NET 2.0 provides in built functionality to encrypt few sections of web.config file. The task can be completed using Aspnet_regiis.exe.
Encryption:
For File System Application
aspnet_regiis.exe -pef "connectionStrings" C:\Projects\DemoApplication
For IIS based Application
aspnet_regiis.exe -pe "connectionStrings" -app "/DemoApplication"
Decryption:
For File System Application,
aspnet_regiis.exe -pdf "connectionStrings" C:\Projects\DemoApplication
For IIS based Application
aspnet_regiis.exe -pd "connectionStrings" -app "/DemoApplication"
