• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1009
  • Last Modified:

Passwords in web.config

I have been able to run though this example and get it working: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp

However, what parts should i keep and delete in the web.config?  Also, how does the code change when accessing it?

Currently all i am trying to encrypt is

      <smtp deliveryMethod="Network" from="this@that.com" >
        <network defaultCredentials="false" host="there.this.that" userName="them" password="dunno"  />
      </smtp>

Later when i put in a database i will need to do that connection string aswell.  Currently I only need the <network.. to be encrypted.  I have tried this example and it seems to put the new encrypted text in connection strings.  Do i leave them in there or do i move it to smpt?  Also, is there anywhere in the web.config that let's the program know what parts the encryption is for and what type of encryption it is using?

Thanks, this is kind of baffling me, but it seems like a 'do it once' and u'll know it forever type of thing.


0
UnexplainedWays
Asked:
UnexplainedWays
  • 2
1 Solution
 
GENTPCommented:
I used this tutorial to understand the concepts, then simply encoded the connection string in the web.config as an appsettings key. I also encrypt the passwords in the DB, but that isn't really related to your question.

http://aspnet.4guysfromrolla.com/articles/082703-1.aspx

I think that by doing it right in the web.config, then going to a db, you aren't really saving yourself any time. I'd recommend just diving straight into doing it on the DB.

G
0
 
UnexplainedWaysAuthor Commented:
"I'd recommend just diving straight into doing it on the DB."

The smtp network will always be in the web.config, the connection string to the database will be added later to the config file.
0
 
UnexplainedWaysAuthor Commented:
I just had a look at your link, and that's more for people logging in to you website and what they are allowed to do, the xml i provided is used to send emails via smtp.  When you create a new smpt() it goes into your web.config and pulls out this information, so it's easy to tweak in there.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now