aspnet_regiis saying success but connectionString section unchanged

Question

So I have a web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <connectionStrings>
    <clear />
    <add name="AS400" providerName="System.Data.ProviderName" connectionString="DataSource=REDACTED; UserID=REDACTED; Password=REDACTED; InitialCatalog=REDACTED; DataCompression=True; CheckConnectionOnOpen=True; CharBitDataAsString=True; Naming = System" />
  </connectionStrings>
...

And I'm trying to figure out how to encrypt the connectionStrings section, following this documentation.

I navigated to the location of the published web app and ran the following command as an admin: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pe "connectionStrings" -app / -prov "RsaProtectedConfigurationProvider"

The command output the following:

Microsoft (R) ASP.NET RegIIS version 4.0.30319.0
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation. All rights reserved.
Encrypting configuration section...
Succeeded!

...But it didn't seem to do anything! The web.config is unchanged.

I'm probably missing something obvious here but I've never used aspnet_regiis before so I have no idea how to proceed.

Answer 1

I got it. Running it with an app of \ in the correct location isn't good enough. (Likewise, for some reason, navigating to just C:\Windows\Microsoft.NET\Framework64\v4.0.30319 then running aspnet_regiis doesn't work). Need to fully-qualify both paths:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pef "connectionStrings" "C:\Atlassian\bamboo-home\xml-data\build-dir\4587526-3997713"