I'm developing a windows desktop application with C# .NET4.0 VS2010 on Windows 8.1. I've a range of settings that I store using the .NET settings mechanism. These have user scope so, when set within the application they are written to Users\username\AppData\Local\companyname\App.exe_URL_randomstuff\versionno\user.config.
These settings include some user registration information that I need to keep hidden. My research suggests that I should be able to encrypt settings using an RsaProtectedConfigurationProvider but all the examples I've found for this relate to encrypting app.config rather than user.config (e.g. http://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider.aspx).
My question therefore is can user.config be encrypted and if so how? I note that when I instance a System.Configuration.Configuration object I can set the ConfigurationUserLevel to PerUserRoamingAndLocal. When I examine the object via the debugger it seems to be refering to the correct user.config file but when I go on to instance a ConfigurationSection to protect it returns null. The code looks like this:
System.Configuration.Configuration config =
ConfigurationManager.OpenExeConfiguration(
ConfigurationUserLevel.PerUserRoamingAndLocal);
ConfigurationSection connStrings = config.AppSettings;
connStrings.SectionInformation.ProtectSection(provider);
I'm thinking that config.AppSettings is probably not correct but I'm not sure what to replace it with.
Any advice greatly appreciated.
Got it working now. I was correct to be using ConfigurationUserLevel.PerUserRoamingAndLocal to access my user.config file. The problem was with config.AppSettings. I was on the right track replacing this with config.GetSection("Progname.Properties.Settings") but I got the naming wrong. The working code now is as follows:
"Progname" is whatever your assembly is called. Thanks to @neoistheone and @hatchet for your input.