Encrypting Web.Config
I believe there are two ways of doing this:
using aspnet_regiis using DPAPI or RSA, or doing it programmatically.
The programmatic way can be handy, particularly if you also like to encrypt app.config.
From my experiences of using this, if you write a custom configuration section, you have install the DLL containing the classes for that section into the GAC. For a project I was working I basically scripted the following approach:
- Copy config DLL to GAC.
- Perform encryption.
- Remove config DLL from GAC.
Chances are if you are just encrypting connection strings then this won't be a problem. You also need to be bear in mind whether you want to encrypt on a machine wide basis or to a specific user account- both options can be useful depending on your scenario. For simplicity I stuck to machine wide encryption. The links I have provided explain the merits of both approaches.
Encrypt the connection String in ASP.NET Web Config
You can run directly through the location
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pe "ProConnection" -app "/NewTestAPI" -prov "RsaProtectedConfigurationProvider"
Is it possible to encrypt a config file specified as a configSource from web.config?
This was because of the type I was using to define my config section. Although there are no docs to prove it, it appears that the NameValueSectionHandler
type does not encrypt when used for a config source. The solution was to change the type to System.Configuration.AppSettingsSection
and the encryption works correctly
Encrypt the web.config file
When running aspnet_regiis, you need to indicate the name of the node you want to encrypt. You cannot select what you want to encrypt by an attribute value. Basically, change
aspnet_regiis -pef ProvantisDataConnection
to
aspnet_regiis -pef connectionStrings
ASP.Net MVC5:How to encrypt decrypt connection string in web.config
I don't know how sensitive your data is, but I suppose you could try the following:
- Encrypt the connectionString manually first (for instance, with AES(Rijndael)).
- Paste the encrypted string in your web.config.
Decrypt the string in your code, using something like this
private string getConnectionString()
{
string encrypted = System.Configuration.
ConfigurationManager.AppSettings["connectionString"];
//Rijndael or any other form of decryption here...
//.....
//.....
return decryptedString;
}Use the decrypted connectionString to connect to your database! :)
Related Topics
Why C# Won't Allow Field Initializer with Non-Static Fields
Linq Query Group by and Selecting First Items
How to Intercept Console Output
C# ASP.NET Write File to Client
How to Asynchronously Read the Standard Output Stream and Standard Error Stream at Once
The Entity or Complex Type ' ' Cannot Be Constructed in a Linq to Entities Query
The Limitation on the Size of .Net Array
How to Convert Date Format to Dd-Mm-Yyyy in C#
C#: Detecting Which Application Has Focus
How to Test Smtpclient Before Calling Client.Send()
Overload Resolution and Virtual Methods
Creating an Anonymous Type Dynamically
How to Output Unicode String to Rtf (Using C#)
Monitor a Process's Network Usage
Data Binding Directly to a Store Query (Dbset, Dbquery, Dbsqlquery) Is Not Supported