You can try the following:

您可以尝试以下操作：

https://magenic.com/thinking/encrypting-configuration-sections-in-net

https://magenic.com/thinking/encrypting-configuration-sections-in-net

In short - rename the app.configfile to web.config- the schema is identical, so aspnet_regiisworks. Rename back to app.configwhen finished.

简而言之 - 将app.config文件重命名为web.config- 架构相同，因此aspnet_regiis有效。app.config完成后重命名回。

Old question, but here is the Microsoft way:

老问题，但这是微软的方式：

.NET 2.0: http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx

.NET 2.0：http: //msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx

.NET 3.5: http://msdn.microsoft.com/en-us/library/ms254494(v=vs.90).aspx(Section "Encrypting Configuration File Sections Using Protected Configuration")

.NET 3.5：http: //msdn.microsoft.com/en-us/library/ms254494( v= vs.90).aspx（“使用受保护配置加密配置文件部分”部分）

Toggle Encryption on app.config file:

在 app.config 文件上切换加密：

static void ToggleConfigEncryption(string exeConfigName)
{
    // Takes the executable file name without the 
    // .config extension. 
    try
    {
        // Open the configuration file and retrieve  
        // the connectionStrings section.
        Configuration config = ConfigurationManager.
            OpenExeConfiguration(exeConfigName);

        ConnectionStringsSection section =
            config.GetSection("connectionStrings")
            as ConnectionStringsSection;

        if (section.SectionInformation.IsProtected)
        {
            // Remove encryption.
            section.SectionInformation.UnprotectSection();
        }
        else
        {
            // Encrypt the section.
            section.SectionInformation.ProtectSection(
                "DataProtectionConfigurationProvider");
        }
        // Save the current configuration.
        config.Save();

        Console.WriteLine("Protected={0}",
            section.SectionInformation.IsProtected);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}

Compile this console application, and drag a config file onto it. It will spit out a copy of the config file with its connection strings encrypted.

编译这个控制台应用程序，并将一个配置文件拖到它上面。它将吐出配置文件的副本，并对其连接字符串进行加密。

Note that you must encrypt as the same user who will consume the config file.

请注意，您必须以使用配置文件的同一用户身份进行加密。

using System;
using System.Configuration;
using System.IO;

namespace ConnectionStringEncryptor
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length == 0)
            {
                throw new ArgumentException("Please supply a config file to encrypt");
            }
            string originalConfigFilePath = args[0];
            AppDomain.CurrentDomain.SetData("APP_CONFIG_FILE", originalConfigFilePath);
            Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
            ConnectionStringsSection connectionStringsSection = (ConnectionStringsSection)config.GetSection("connectionStrings");
            connectionStringsSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            config.SaveAs(originalConfigFilePath + ".encrypted");
        }
    }
}

PowerShell implementation based on MichelZ's answer:

基于 MichelZ 的回答的 PowerShell 实现：

<#
.SYNOPSIS
Encrypts a section in .NET app configuration file.
#>
function Protect-DotNetConfigSection
{
    [CmdletBinding()]
    param
    (
        # Path to .exe file.
        [Parameter(Mandatory = $true)]
        [string] $ExePath,
        # List of section names.
        [Parameter(Mandatory = $true)]
        [string[]] $Sections
    )

    $config = [System.Configuration.ConfigurationManager]::OpenExeConfiguration($ExePath)

    foreach ($section in $Sections)
    {
        $config.GetSection($section).SectionInformation.ProtectSection('DataProtectionConfigurationProvider')
    }

    $config.Save()
}

Protect-DotNetConfigSection 'C:\MyApp\MyApp.exe' 'connectionStrings'
Protect-DotNetConfigSection 'C:\MyApp\MyApp.exe' @('connectionStrings', 'appSettings')