We help IT Professionals succeed at work.

How to encrypt connection string?

brettr
brettr asked
on
1,428 Views
Last Modified: 2012-05-06
I have a .net 3.5 winforms app and want to encrypt the connectionString.  I have renamed app.config to web.config so it can be used with aspnet_regiis.  I'm in the app root folder and running this command line:

C:\src\project1\myapp>aspnet_regiis -pef "connectionSrings" -app "myapp"

No matter how I change the command line, I always get the help output.  No errors.  The app doesn't have an IIS website and is a web application project.  Any suggestions?
Comment
Watch Question

David RobitailleAnalyst Programmer

Commented:
try to put the local path of the website instead.
aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite"
 
here a ref:
http://www.4guysfromrolla.com/articles/021506-1.aspx
David RobitailleAnalyst Programmer

Commented:
<$/>you could also try to move into the %WINDOWSDIR%\Microsoft.Net\Framework\version directory before running the command.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Last suggestion worked.  It output a larger amount of help at first until I got the command line correct.  I'm guessing it's a newer version of aspnet_iisreg.exe.

This section created by the encryption is giving errors:

  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"

//Error 1
The 'configProtectionProvider' attribute is not declared

//Error 2
The element 'connectionStrings' has invalid child element 'EncryptedData' in namespace 'http://www.w3.org/2001/04/xmlenc#'. List of possible elements expected: 'add, remove, clear'.

Do you know about those?  App seems to run ok.
David RobitailleAnalyst Programmer

Commented:
try to add this at the end of the command, it will uses DPAPI to encrypt and decrypt data instead of RSA
 prov "DataProtectionConfigurationProvider"

(you may have to restore your backup before doing it)
David RobitailleAnalyst Programmer

Commented:
the switch char seem to be replaced, "" = "-"
it`s
-prov "DataProtectionConfigurationProvider"

Author

Commented:
Same problem just that now it looks like this:

 <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
 ...
Analyst Programmer
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Adding this makes the errors go away:

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">

Author

Commented:
Unfortunately, that namespace also prevents my app from running.
David RobitailleAnalyst Programmer

Commented:
???
What error message did you get?

did you run the aspnet_regiis.exe on the IIS Server. the encryption key is diferent than the one on your developement machine.

Author

Commented:
It complained that the app's configuration was invalid and to reinstall the app.
David RobitailleAnalyst Programmer

Commented:
Who complained? ISS? visual studio?

Author

Commented:
I'm running the app in VS.NET.  I get the same error when double clicking the EXE.  It says the application configuration is incorrect.
David RobitailleAnalyst Programmer

Commented:
???????????
How do you get an EXE from web application? And what are you doing with it?
Anyway this web.config encryption thing is supposed to work when you want to "deploy" a web application to a web server (usually IIS). the machine that will execute the program (the IIS server) must be the same that the one you used to encrypt the Web.config.
There must be something i dont understand about your setup, because i got no idea of what you are trying to do...

Author

Commented:
It is a winform app.  But that doesn't matter.  The point is that VS.NET complains about those particular attributes.

Yes - I found it that the machine which encyrpts the config needs to decrypt.  Not helpful.  How can you deploy this to other machines?
David RobitailleAnalyst Programmer

Commented:
you cannot.
That thing is designed for ASP.NET web site not Winform app. You posted the question in "NET, C# Programming Language, Programming for ASP.NET" zones. dont you noticed the tool name is aspnet_regIIS???
but, now i understand the alusion about the app.config.
I think this link will be more helpfull
http://msdn.microsoft.com/en-us/library/ms998283.aspx 
 

Author

Commented:
I posted here because there is no such tool for winforms and using aspnet_regiis is the defacto standard to encrypt app.config files as well.
David RobitailleAnalyst Programmer

Commented:
sorry, i keep the wrong link
http://www.codeproject.com/KB/cs/Configuration_File.aspx
if that cannot hlep, I sorry, but i connot help you futher, i diden`t do anything like this, my experience is of web.config and web app. I suggest you post a new question like
"How to encrypt connection string in app.config"
 

Author

Commented:
Thanks on the links you've been posting.  The programatic technique won't work since it has to encrypt/decrypt with each app run.  I only encrypt on app install.

Your help set me in the right direction.  I leave the app.config unencrypted in SVN.  During the win app MSI is install, it runs a batch file that renames app.config to web.config, encrypts it as above and renames it back to app.config.  viola!  It works fine.
David RobitailleAnalyst Programmer

Commented:
I`m glad i gould help!

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.