Encrypting Connection Strings in web.config file

ASP.NET 2.0 mitigates this problem by introducing encryption schemes for configuration files. You can either encrypt/decrypt configuration files including Web.config and Machine.config either programmatically or using aspnet_regiis.exe tool. Tutorial toolbar: Tell A Friend | | Feedback | Please enable JavaScript to view the comments powered by Disqus.comments powered by Disqus 。

but，www.yzmcyy.com， Products Database Search Solution ( New Version ) Search Control SEO Pager Highlighter Shortcut Controls Crypt Package Free ASP.NET Controls Geotargeting Component ASP.NET Media Player Control Flash Video Player Control Services ASP.NET Telecommute Jobs Free IP Location Lookup Test .Net Regular Expressions CSS/Table/DIV Page Layouts Custom Programming Article Sites Master List Articles dev.beansoftware.com ASP.NET Tutorials ASP.NET FAQ T-SQL FAQ HTML/CSS FAQ .NET Windows Forms General .NET Framework Freelance Tutorials Home Shop Advertise Write For Us Affiliate Newsletter Contact Encrypting Connection Strings in web.config file Introduction ASP.NET stores all the configuration information in plain text files called web.config and machine.config files. We store all vital information including database connection strings， we cannot encrypt all sections of web.config file using this above programmatic approach. There are few sections which need some additional steps before we can encrypt them with above approach. processModel runtime mscorlib startup system.runtime.remoting configProtectedData satelliteassemblies cryptographySettings cryptoNameMapping cryptoClasses In order to encrypt these configuration sections you must encrypt the value and store it in the registry. There's an aspnet_setreg.exe command-line tool to help along with this process. Encryption/Decryption using aspnet_regiis.exe command line tool You can also encrypt and decrypt sections in the Web.config file using the aspnet_regiis.exe command-line tool。

which can be found in the WINDOWSDIR\Microsoft.Net\Framework\version directory. To encrypt a section of the Web.config using the DPAPI machine key with this command-line tool，www.hnbwcw.com， we can encrypt connectionStrings information using DataProtectionConfigurationProvider model. Use the same above method and replace parameter for ProtectSection method with DataProtectionConfigurationProvider as shown below. section.SectionInformation.ProtectSection( RsaProtectedConfigurationProvider ); configuration appSettings / connectionStrings configProtectionProvider = DataProtectionConfigurationProvider EncryptedData CipherData CipherValue AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAcHu0TgBbIEyfG1RWWqIDSgQAAAACAAAAAAADZgAAqAAAABAAAACSAX+UlFBbL2xUT1mYruSgAAAAAASAAACgAAAAEAAAAODHdp8b3SFHl8S6yVQ/Ydu4AQAAitMpkAI8SjZc349E63yEAV/mVQzOv29H2mXvz2j+2kg8FTGYV95xySZrUHICx/i5hBq//iQNc1v/Jp0xLxJf6+K/nSQwJTnGWBn3555HJHKU8yAeQCN9Iw/6YWs/q6oVGpPwMmoSe6jS+5bHzThxQrpUqxVXB4aHKeVnAfjcdj5bIBKe9jaZ0kP31UVlB9TB5z+94Ga6LNWuWWcZf/iAfrZ/EZMkEcGJE20Reb3XSm/e+LN1di2YyRxXVYV+b6MDTi7DgHC7ilZsg+/81jCn2UtW4k74wKDXrTjAS3LgWxBdFEUPnwSKbKF+/DF24MVECZ6t7oyxoPH7OqaxR/IDnPLxHAqtd8eT9VKmzouULpQBwrO6echS1MJL8zmvCNMsLz1JnyBlwxYvst8tQs+5MCIndQ1K9615hLiwP/JIUy9T3Hk1pCn37m8tEV+meRguS1yIOXMQ3nsPUI5d1C+Nt4068EecEkuoWujCEUHu9JcpZa2KVsnSYLix5MOEvqGPtbSMmTt7TE7leicEpEn6Hm3LWYQE2N85Skptx5AN/Pfuwl42fMzzs07ZhRFtLDwku/a2/ZQahHIUAAAAdOITPi1vY6agWisqaA6+H/qOocs= / CipherValue / CipherData / EncryptedData / connectionStrings system.web compilation debug = true / authentication mode = Windows / pages theme = Theme1 / / system.web / configuration Encrypted Connection String using DataProtectionConfigurationProvider You can in the similar way decrypt connection strings information using below method. public void DecryptConnString() { Configuration config = WebConfigurationManager .OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection section = config.GetSection( connectionStrings ); if (section.SectionInformation.IsProtected) { section.SectionInformation.UnprotectSection(); config.Save(); } }