So I have seen some different articles on securing connection strings for ASP.Net applications, but they are all quite dated. I have searched for "Securing Connection String ASP.Net" "Protect Password connection string SQL Server" and other variations and I'm not finding exactly what I'm looking for.
I am specifically using MVC 5. My question is, Is there a method for storing my password outside of the web.config
in a manner that is secure so that my password is not in plain text that is easy to implement.
I was assuming that I could connect to my database and through some type of action reset the password using encryption or hashing through the command line. I'm new to this, so be kind. What are my options. I'm assuming there must be a best practice that is not too complex.
I'm connecting to SQL Server 2012 using an MVC 5 (C# in .Net 4.5)
Most of the stuff I found was dated (2007). I did run across something about using Rijndael Example.
You want configuration section encryption, see this article. This is native option of core ASP.NET so it works for MVC as well. Note, in case of web farm scenario you need same key on all machines in the farm.
Another option could be placing clear connection string to machine.config (it will auto merge to all configuration files on the box) and restricting file access to it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With