Encrypt and Decrypt Sensitive Data in Web.Config

Encrypt web.config nodes that contain sensitive information such as service accounts and SQL Server logins.

To encrypt your web.config, open a command prompt on the server and enter the following commands:

cd\WINDOWS\Microsoft.NET\Framework\v4.0.30319 <Enter>
aspnet_regiis -pe "connectionStrings" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "system.web/machineKey" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "appSettings" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "system.web/identity" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "system.web/authorization" -app "/MyWebApp" <Enter>

To make changes to your web.config you will need to decrypt it. Use the same commands as above only substitute -pd for -pe.

More information: http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx