Sitefinity CMS enables you to encrypt sensitive data located in the system configurations. For example, you can encrypt passwords or secret keys. You configure encryption options per configuration section. The administrative backend UI (Administration -> Settings -> Advanced) exposes an option to encrypt settings, which are considered sensitive data. This functionality is available via the Show encryption options button, located in the upper right-hand corner of each configuration section, for example:
Clicking the button displays the persistence options for each applicable configuration setting:
Out of the box, Sitefinity CMS supports the following built-in options to persist configuration values:
NOTE: When retrieving a configuration setting value via the Sitefinity CMS Configurations API, you do not need to decrypt the value yourself - Sitefinity CMS will decrypt the value internally for you.
You can customize the way Sitefinity CMS handles persistence of encrypted configuration settings. This is useful in cases where you want to use a different encryption algorithm for settings that are stored using the Encrypted persistence option, or if you want to specify different persistence location for settings where you have used the Link to App Setting option. For more information about the Sitefinity CMS configuration setting encryption options, see Encrypt sensitive data in configurations.
The default logic for encrypting configuration settings is implemented inside the SecretDataResolver class. To implement your custom logic, you must first add a new class that inherits from SecretDataResolver.
The SecretDataResolver class exposes a Mode property, which helps Sitefinity CMS identify whether this resolver is used for working with configuration settings that are stored using one of the following modes:
In other words, you must implement a separate resolver for each of the modes and specify the Mode accordingly. You do this by overriding the Mode property in your custom class and returning either SecretDataMode.Encrypt or SecretDataMode.Link for its value.
Once you have specified your resolver mode, you must override the GenerateKey and Resolve base methods. The implementation of these methods differs depending on the specified Mode:
You register the custom resolver classes in the web.config file of your application. For example, to register the above demonstrated Encrypt and Link mode resolvers, modify the web.config in the following way:
As a result, the custom resolvers appear in the list of available configuration setting encryption options:
Sign up for our free beginner training. Boost your credentials through advanced courses and certification. Register for Sitefinity training and certification.
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important