Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encrypting Connection String in web.config

How can we encrypt the connection string section in web.config file?

like image 338
masoud ramezani Avatar asked Nov 10 '09 09:11

masoud ramezani


People also ask

Is it safe to store connection string in Web config?

config based connectionstring as seems is unsafe, because one can read it. But think about it, if a person can read your web. config, means he can edit any file on your server anyways as he probably already hack or gain access to file.


2 Answers

To save having to visit external links, in C:\Windows\Microsoft.NET\Framework\v4.0.30319 (for .NET 4 / 4.5)

aspnet_regiis.exe -pe "connectionStrings" -app "/YourWebSiteName" -prov "DataProtectionConfigurationProvider" 

To decrypt connectionStrings section using this tool, you can specify following command in aspnet_iisreg.exe tool.

aspnet_regiis.exe -pd "connectionStrings" -app "/YouWebSiteName" 
like image 126
Martin Ernst Avatar answered Oct 11 '22 18:10

Martin Ernst


Rahul, converting a string from ASCII to base64 string isn't an encryption, which is what your first link suggests. We can easily convert base64 to ASCII.

Using configsection.protectSection() with an RSA key is a proper encryption that is available for sections of the Web.config file.

Check this link: http://www.beansoftware.com/ASP.NET-Tutorials/Encrypting-Connection-String.aspx

Please note, that we can not encrypt Web.config file in a shared hosting environment where Trust level is set to medium trust.

like image 32
Bede Amarasekara Avatar answered Oct 11 '22 17:10

Bede Amarasekara