Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encrypting appSettings in web.config

I am developing a web app which requires a username and password to be stored in the web.Config, it also refers to some URLs which will be requested by the web app itself and never the client.

I know the .Net framework will not allow a web.config file to be served, however I still think its bad practice to leave this sort of information in plain text.

Everything I have read so far requires me to use a command line switch or to store values in the registry of the server. I have access to neither of these as the host is online and I have only FTP and Control Panel (helm) access.

Can anyone recommend any good, free encryption DLL's or methods which I can use? I'd rather not develop my own!

Thanks for the feedback so far guys but I am not able to issue commands and and not able to edit the registry. Its going to have to be an encryption util/helper but just wondering which one!

like image 346
Mauro Avatar asked Sep 10 '08 14:09

Mauro


People also ask

Is it safe to store connection string in web config?

config based connectionstring as seems is unsafe, because one can read it. But think about it, if a person can read your web. config, means he can edit any file on your server anyways as he probably already hack or gain access to file.

What is the use of appSettings in web config?

The <appSettings> element stores custom application configuration information, such as database connection strings, file paths, XML Web service URLs, or any other custom configuration information for an application.


1 Answers

  • Encrypting and Decrypting Configuration Sections (ASP.NET) on MSDN
  • Encrypting Web.Config Values in ASP.NET 2.0 on ScottGu's blog
  • Encrypting Custom Configuration Sections on K. Scott Allen's blog

EDIT:
If you can't use asp utility, you can encrypt config file using SectionInformation.ProtectSection method.

Sample on codeproject:

Encryption of Connection Strings inside the Web.config in ASP.Net 2.0

like image 81
aku Avatar answered Oct 20 '22 15:10

aku