I have searched around Google and Stackoverflow but can't seen to come up with a solution for editing the web.config to encrypt and store a SQL Server connection string for an installation script.

The link at Accessing the web.config in Medium trust seems to suggest that the following code would work instead of OpenWebConfiguration, however this is not working on the local development server (running Medium Trust) or at Rackspace Cloud (formerly Mosso).

String cfgpath = Server.MapPath(@"/web.config");
cfg = System.Configuration.ConfigurationManager.OpenExeConfiguration(cfgpath);

Rackspoace Cloud can be setup to save files using Impersonation, however I am still receiving the "An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission" error when catching the ConfigurationErrorsException.

Any ideas how I can edit the web.config to encrypt and store the SQL Server connection string during the installation script?

Update #1 It seems both DpapiProtectedConfigurationProvider and RsaProtectedConfigurationProvider require FullTrust. Are there any other solutions to protect the Web.config file further when using MediumTrust?

If your provider allows it, you could setup a custom policy file as described in How To: Use Medium Trust in ASP.NET 2.0. But it is unlikely that they will let you.

You could also try to use XDocument / XmlDocument and XPath to get/set config values, though you will still have to deal with the encryption/decryption by using a library that runs in medium trust. (see Modify configuration section programmatically in medium trust)

If possibly, you could also try to use a separate process that modifies the file somewhere else, and then allows the modified file to be upload to the server via external means, like FTP or the Web Deploy feature of IIS7.