CODEDIGEST
Home » CodeDigest
Search
 

Technologies
 

Encrypting/Decrypting Connection String in ASP.Net
Submitted By Satheesh Babu B
On 4/9/2009 10:05:01 PM
Tags: asp.net,CodeDigest  

Encrypting/Decrypting Connection String in ASP.Net

 

When we use Sql authentication to connect to database it will be better if we encrypt and decrypt the connection string for security purpose because the userid and password are specified in clear text. Even though, users can't access web.config file, it is still not safe because the server admins can still see the userid and password from web.config files. For example, in shared hosting environments. So, it will be better if we encrypt the connection string in web.config file in these scenarios. 

 

Understanding this need, Microsoft introduced a new technique to encrypt and decrypt the Web.Config sections in Asp.Net 2.0.

 

ASP.Net 2.0 has 2 providers for encrypting and decrypting config sections, RSA(RSAProtectedConfigurationProvider) and DPAPI(DataProtectionConfigurationProvider)

 

To encrypt a connection string section,

protected void btnEncrypt_Click(object sender, EventArgs e)

    {

        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

        ConfigurationSection section = config.GetSection("connectionStrings");

        if (!section.SectionInformation.IsProtected)

        {

            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

            config.Save();

        }

    }

 

To use RSA algorithm, use  RSAProtectedConfigurationProvider in the place of DataProtectionConfigurationProvider in the above code snippet.

 

This is how the connection string section will look like once encrypted,

<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">

  <EncryptedData>

   <CipherData>

    <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkNndGkx6M06QQFz+

eH4CEgQAAAACAAAAAAADZgAAqAAAABAAAABnbufC7mjGVvEtpmFPMqb8AA

AAAASAAACgAAAAEAAAAE/T9z3T5oBv2fMob6hZJsCYAQAAwjp5wFWl7ppY

zHmMSSQPsIoLGnmlVTIPdcldbx3ZvWQwyr6GWCZPd0PmQG5AGX2XfRqGSazdWgWn

1vnCV1u67Lfaf5Be4BABIT2SB+gXcjA3MCaqNvK4PICPNk4s662xPIrCycBv+Vl5ug

TS7zstqVSLhFqAVs7DKNmUoWFSa+6RvtyrdK57Uh4wyP0WdD/doAVByLJjQ8RVKVWm

IyFmi8iQiACVQPgNOGMKRVuchxpc6fiARnyTuMrQ6ZWS15f2G/vwLg9Q/7QBWOpKh4t

LOeoFJX/m+l+9sCD1dJ2Jb/orKg2Nh1aUjfjqnkNZG1jY9JUDLhxGOx8tsPP75VlIw

OqsgNOdojP8BiXJsrDfPhp/BKmV6dgZEvOh2HBkt4x2y0fb9CDlvI/F28lVQGw741If

0P34UTBVZxbe6ka1075rlbXNSCjd33U+mx2ZNk7PG/c8HK6bql5ILM/sxO0wjUP68F

wK2s3CadKzaki9eeTiIE9uGnlctq9Chb2f2E1uwnrefd856BzTK8eOGxTTbF8PU9uFp

Hc1FAAAAMFZTg7MFHHeRLFM9s6ZJ1uBuOkr</CipherValue>

   </CipherData>

  </EncryptedData>

 </connectionStrings>

 

The connection string can be still accessed in code by regular ways,

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["Sql"].ConnectionString);

 

To see back the original connection string we need to decrypt it.

To decrypt a connection string section,

  protected void btnDecrypt_Click(object sender, EventArgs e)

    {

        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section.SectionInformation.IsProtected)

        {

            section.SectionInformation.UnprotectSection();

            config.Save();

        }

    }

 

 

 

 
Do you have a working code that can be used by anyone? Submit it here. It may help someone in the community!!
Recent Codes
  • Convert DateTime to Different TimeZone in C#, ASP.Net
    		•
  • Get Month Name and Day name for a Date in C#, ASP.Net
    		•
  • Format DateTime based on Country or Culture in C#, ASP.Net
    		•
  • Get All Language-Country Code List for all Culture in C#, ASP.Net
    		•
  • How to strip HTML tags, HTML Encode and Decode HTML string using jQuery/JavaScript in ASP.Net?
    		•
  • How to search a folder or file under a directory using wildcard in C#?
    		•
  • Disable or Make a ListItem Non selectable ASP.Net DropDownList
  • Block or Disable Cut, Copy and Paste operation in ASP.Net TextBox Using jQuery
    		•
  • How to split string using C#?
    		•
  • How to check if a String is Integer in C#? (Part 2)
    		•
    View All Codes..
     
    www.codedigest.com. All articles are posted "AS IS" with no warranties. All articles are posted for educational purpose only and individual authors are responsible for their article. Please mail admin@codedigest.com for any queries or compliants.
    Disclaimer  Terms and Condition  Privacy Policy  Contact Us   Our network websites: ChennaiOnNet.Com