Note to self more than anything else.
If you’re passing credentials via the web.config for forms based authentication it is absolutely essential that you encrypt the membership section of the web.config file.
When encrypting the membership section of the web.config file it is important to realize that the proper identification for the aspnet_regiis.exe command is going to be “system.web/membership”
So the correct string to encrypt the membership section of web.config will be as follows:
aspnet_regiis.exe -pef “system.web/membership” “\Inetpub\wwwroot\wss\VirtualDirectories\80″ (replace 80 with the directory appropriate for your case)
To decrypt the membership section use the following:
aspnet_regiis.exe -pdf “system.web/membership” “\Inetpub\wwwroot\wss\VirtualDirectories\80″ (replace 80 with the directory appropriate for your case)
If you do not specify a provider using the -prov option, the provider configured as the defaultProvider is used.