• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

How to encrypt and use encrypted connection strings in web.config

In my app I am reading the web.config file to read my connection string by a call to GetWebConfig every time i need access the database
If the connection string is not encrypted it is saved encrypted OK (first time)
Next time I call the function, I get an error on the last statement in the funcion returning the connection string, saying "NullReferenceException was unhandled by user code"
What am I thinking / doing wrong??

   Dim con As SqlConnection
   con = GetWebConfigCon("conPBIB")

------
   Function GetWebConfigCon(ByVal strCon As String) As SqlConnection
        Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration("~")
        Dim configSection As ConfigurationSection = config.GetSection("connectionStrings")

       'If not encrypted, do that:        
       If Not configSection.SectionInformation.IsProtected Then
            configSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
            config.Save()
       End If

       'Decrypt (to be able to read? Not save…)
        configSection.SectionInformation.UnprotectSection()

       'Return Connectionstring:
       GetWebConfigCon = New SqlConnection(ConfigurationManager.ConnectionStrings(strCon).ConnectionString)

    End Function

0
Joar
Asked:
Joar
  • 3
  • 2
1 Solution
 
mayank_joshiCommented:
For a web.config file with encrypted contents you dont need to Decrypt the  contents  before accessing the connection string. Whenever you access a content of web.config file the decryption is performed automatically.
0
 
mayank_joshiCommented:
Keep in mind that once the data is encrypted, when it's read from an ASP.NET page (i.e., reading the connection string information from a SqlDataSource control or programmatically, via ConfigurationManager.ConnectionStrings[connStringName].ConnectionString), ASP.NET automatically decrypts the connection string and returns the plain-text value. In other words, you don't need to change your code one iota after implementing encryption. Pretty cool!

Reference:-
http://www.4guysfromrolla.com/articles/021506-1.aspx
0
 
JoarAuthor Commented:
When I remove the statement:
        configSection.SectionInformation.UnprotectSection()

I next time get an error on the last statement in the funcion returning the connection string:
   'Return Connectionstring:
       GetWebConfigCon = New SqlConnection(ConfigurationManager.ConnectionStrings(strCon).ConnectionString)


saying "NullReferenceException was unhandled by user code"
as if it is not finding the value of strCon which is "conPBIB", because it is encrypted?

0
 
JoarAuthor Commented:
sorry, my problem. Seem to be specifying wrong connection string some where. Checking and coming back...
0
 
JoarAuthor Commented:
Thanks a lot!
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now