How do I encrypt user.settings

I'm developing a Windows desktop application with C# .NET4.0 VS2010 on Windows 8.1. I've a range of settings that I store using the .NET settings mechanism. These have user scope so, when set within the application they are written to Users\username\AppData\Local\companyname\App.exe_URL_randomstuff\versionno\user.config.

These settings include some user registration information that I need to keep hidden. My research suggests that I should be able to encrypt settings using an RsaProtectedConfigurationProvider but all the examples I've found for this relate to encrypting app.config rather than user.config (e.g. http://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider.aspx).

My question therefore is can user.config be encrypted and if so how? I note that when I instance a System.Configuration.Configuration object I can set the ConfigurationUserLevel to PerUserRoamingAndLocal. When I examine the object via the debugger it seems to be referring to the correct user.config file but when I go on to instance a ConfigurationSection to protect it returns null. The code looks like this:

System.Configuration.Configuration config =
                    ConfigurationManager.OpenExeConfiguration(
                    ConfigurationUserLevel.PerUserRoamingAndLocal);

ConfigurationSection connStrings = config.AppSettings;

connStrings.SectionInformation.ProtectSection(provider);

I'm thinking that config.AppSettings is probably not correct but I'm not sure what to replace it with.

Any advice greatly appreciated.

ifinlay asked Nov 08 '13 18:11


1 Answer

Got it working now. I was correct to be using ConfigurationUserLevel.PerUserRoamingAndLocal to access my user.config file. The problem was with config.AppSettings. I was on the right track replacing this with config.GetSection("Progname.Properties.Settings") but I got the naming wrong. The working code now is as follows:

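// Open the per-user user.config (roaming and local) for this executable.
System.Configuration.Configuration config =
    ConfigurationManager.OpenExeConfiguration(
        ConfigurationUserLevel.PerUserRoamingAndLocal);

// User-scoped settings live under the userSettings section group.
ConfigurationSection connStrings = config.GetSection("userSettings/Progname.Properties.Settings");

// provider is the name of the protected-configuration provider (a string).
connStrings.SectionInformation.ProtectSection(provider);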

"Progname" is whatever your assembly is called. Thanks to @neoistheone and @hatchet for your input.

ifinlay answered Nov 16 '22 02:11
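
An added example, not part of the original answer, that carries the answer's approach through to a persisted result: it handles the null section described in the question, skips a section that is already protected, and saves user.config. `Progname` is the answer's placeholder for the assembly name; the class and method names are hypothetical.

```csharp
using System;
using System.Configuration; // requires a reference to System.Configuration.dll

static class UserSettingsProtector
{
    // Assumption: "Progname" stands in for your assembly name, as in the answer.
    const string SectionPath = "userSettings/Progname.Properties.Settings";

    // Provider named in the question. "DataProtectionConfigurationProvider"
    // (DPAPI) is the other provider registered by default in machine.config.
    const string Provider = "RsaProtectedConfigurationProvider";

    // Returns true if the section was encrypted by this call,
    // false if it was already protected.
    public static bool Protect()
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(
            ConfigurationUserLevel.PerUserRoamingAndLocal);

        ConfigurationSection section = config.GetSection(SectionPath);
        if (section == null)
        {
            // A null section means the path does not match a declared
            // section; fail loudly instead of hitting a NullReferenceException.
            throw new ConfigurationErrorsException(
                "Section not found: " + SectionPath);
        }

        if (section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.ProtectSection(Provider);
        // Write the section even if no setting value changed in this session.
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    static void Main()
    {
        Console.WriteLine(Protect()
            ? "user.config section encrypted"
            : "section was already protected");
    }
}
```

Protected configuration keeps the values out of plain text on disk; the application still reads them transparently, so code running as the same user on the same machine can decrypt them through the same provider.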