What is Protected Configuration in asp.net?
Encrypting configuration information can improve the security of your application by making it difficult for an intruder to gain access to the sensitive information even if the intruder gains access to your configuration file. Examples of sensitive information include user names, passwords, connection strings, and encryption keys . One of the primary places that sensitive information is stored in an ASP.NET application is the Web.config file. To help secure information in configuration files, ASP.NET provides a feature called protected configuration , which enables you to encrypt sensitive information in a configuration file.
You can manage protected configuration using the ASP.NET IIS Registration tool (Aspnet_regiis.exe) or the protected configuration classes in the System.Configuration namespace. To implement a protected configuration provider, you create a class that inherits the ProtectedConfigurationProvider abstract class from the System.Configuration namespace. The ProtectedConfigurationProvider abstract class inherits the ProviderBase abstract class from the System.Configuration.Provider namespace, so you must implement the required members of the ProviderBase class as well.
You cannot use protected configuration to encrypt the configProtectedData section of a configuration file. You also cannot use protected configuration to encrypt the configuration sections that do not employ a section handler or sections that are part of the managed cryptography configuration.