Encrypting Connection Strings

Submitted by planetsourcecode on Sat, 06/06/2009 - 12:22

If you are a ASP.NET developer then you know that all the information is stored in web.config file and its is plain file which can be easily open in any text Editor like Notepad or word pad . We store all the important information like connection strings, user names, passwords.That means we are handling sensitive information in a unsafe text file. but we can easily encrypt sensitive information in configuration files ASP.NET 2.0 introduced Protected Configuration model that allows you to encrypt data using two Protected Configuration Providers. They are: RSAProtectedConfigurationProvider: This is the default provider and uses the RSA Public Key Encryption algorithm to encrypt and decrypt data. DataProtectionConfigurationProvider: This provider uses Windows Data Protection Application Programming Interface (DPAPI) to encrypt and decrypt data. Next step: though coding 1) sample web.config file

2). Add a new form and in code behind


using System.Web.Configuration;
using System.Web.Security;
using System.Configuration;

public void EncryptConnString()
    {
    
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
       ConfigurationSection section = config.GetSection("connectionStrings");
        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
            config.Save();
        }
    }

when this section runs it will produce a ne encrypted web.config



    
    
        
            
            
                
                    
                    
                        Rsa Key
                    
                    
                        jWmekeNh1TC5Bf5RG2RWo8TU0qLoSF9IdSSpWMgiAjeCUqvPfo/XQr/zzLz4kdHUvCbbrSPX92YOpfv0YKSKO1mlEwE9LA57W9oo/0H7E8feO0flheoNdow9Tw8RVaM7meM8CqODladWD8Vr8G9mk17gWBFByWboIBMzWQ6Rp7U=
                    
                
            
            
                7goUfwnWEqyrTFZXMBcD2eW+15j+eYyzq/YS/GpMX2NTMOrfJ6BHFy4Xr+kGEhLsckrGARfbQFsNLctL7wPBAMucnS0g2nbeMLKH1PPGjvBXjsdrvDUJ50w9CyvQ0dOqBb2Kdx0aEvmxCfCy/xLbkYPE6t/LGjVHUJFySVs4SjWhR4sLxzkxuTRSA3kq+2woobOfzIUSqOsO035SYiOYynQf2QcfodYZgT4U2KVsflUHR6Zk/iiTIh0+t1y0cMioFHkkHM8NDdjnYHToNhAP67GrulM/nAsTiMuAW4ElX/MomWAFngKmJvDqo8oKVWXY

for bringing the configuration file to its original state then run the following method


public void DecryptConnString()
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }

About the author: Planet Source Code is a place for all developer providing free source codes, articles, complete projects,complete application in PHP, C/C++, Javascript, Visual Basic, Cobol, Pascal, ASP/VBScript, AJAX, SQL, Perl, Python, Ruby, Mobile Development

75 views