Menu
I am securing my MVC5 project, by moving the connection strings out of web.config into an external file, and not checking this into source control, nor adding it to the project.
My web.config looks like
<configuration>
<connectionStrings configSource="ConnectionStrings.config" />
This works perfectly in development.
I have the website hosted in Azure WebSites, and I have manually defined the connectionstrings in the configuration portal.
The problem is that when I publish to Azure, I get the error "Unable to open configSource file 'ConnectionStrings.config'."
Is there a way to override the Connection Strings element in the web.config so it will not try and find the external file? Is Web Transforms able to do this?
Thanks in advance, all help appreciated
836
config file in the Views folder.) Find the <connectionStrings> element: Add the following connection string to the <connectionStrings> element in the Web. config file.
The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.
In this window, click Console Application under Visual C#. Give the name of your application as "Database_Connection_Application" and then click OK. Now, specify a name, then click in the Type cell. In the drop-down box choose "Connection String".
Use a RemoveAttributes transform on the web.config and remove the configSource attribute on deploy to Azure.
162
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
