Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

MVC 5 / ASP.Net 4.5 Storing Connection Strings Securely

So I have seen some different articles on securing connection strings for ASP.Net applications, but they are all quite dated. I have searched for "Securing Connection String ASP.Net" "Protect Password connection string SQL Server" and other variations and I'm not finding exactly what I'm looking for.

I am specifically using MVC 5. My question is, Is there a method for storing my password outside of the web.config in a manner that is secure so that my password is not in plain text that is easy to implement.

I was assuming that I could connect to my database and through some type of action reset the password using encryption or hashing through the command line. I'm new to this, so be kind. What are my options. I'm assuming there must be a best practice that is not too complex.

I'm connecting to SQL Server 2012 using an MVC 5 (C# in .Net 4.5)

Most of the stuff I found was dated (2007). I did run across something about using Rijndael Example.

like image 832
Eric Bishard Avatar asked May 11 '14 18:05

Eric Bishard


1 Answers

You want configuration section encryption, see this article. This is native option of core ASP.NET so it works for MVC as well. Note, in case of web farm scenario you need same key on all machines in the farm.

Another option could be placing clear connection string to machine.config (it will auto merge to all configuration files on the box) and restricting file access to it.

like image 161
UserControl Avatar answered Sep 23 '22 12:09

UserControl