Last post Feb 10, 2014 05:51 AM by ramana123
Feb 08, 2014 06:40 AM|kashifdotnet|LINK
I will soon be hosting an asp.net site on the public domain. For encryption purpose, currently the site uses web.config file to store the Key and IV values. However, I have read that to make it more secure, its better to perform encryption in a separate
WCF service hosted in IIS. The service will accept a value and encrypt/decrypt it. My questions are:
1. Is WCF service a good place to perform the encryption seperately?
2. Can someone guide me on how the WCF service will be hosted so that my application can add a reference to it without exposing the service to the outside world?
Thanks in advance.
Feb 10, 2014 05:51 AM|ramana123|LINK
in production encrypt your config file and decrypt the same in application code wherever you pull the config values..i dont see any reason separate WCF for the same.
anyway, just my thought.