I have below connection strings in web config file:
<connectionStrings> <add name="ConString2" connectionString="Data Source=testdb;Persist Security Info=True;User ID=test;Password=test;Unicode=True;" providerName="System.Data.OracleClient"/> <add name="ConString3" connectionString="Data Source=testdb;Persist Security Info=True;User ID=test;Password=test;Unicode=True;" providerName="Oracle.DataAccess.Client"/> </connectionStrings>
I want to keep connection string in encrypted format and when I use to fetch the data from database I want to decrypt connection and connects to DB.
Please check this link https://msdn.microsoft.com/en-us/library/dx0f3cf2(v=vs.85).aspx
This is the default handling of connection using IIS. You can do custom encryption. e.g. take any encrpytion tool and encrypt the connection. Just before passing the connection string. Decrypt it.
Password encryption/ decryption code in .NET
you can encrypt web config file by the help of "aspnet_regiis.exe".this file is locate under following location: %WinDir%\Microsoft.NET\Framework\
so change your command prompt directory to above location then type :
aspnet_regiis.exe -pef section physical_directory
-- or --
aspnet_regiis.exe -pe section -app virtual_directory
example:
aspnet_regiis.exe -pef "connectionStrings" "C:\folder_where_webconfig_file_exit"
and ASP.Net will handle the decryption of the connection string.
for more information follow these links:
http://www.asp.net/web-forms/overview/data-access/advanced-data-access-scenarios/protecting-connection-strings-and-other-configuration-information-cs
http://weblogs.asp.net/sreejukg/securing-sections-in-web-config
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With