Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

How to encrypt and use encrypted connection strings in web.config

In my app I am reading the web.config file to read my connection string by a call to GetWebConfig every time i need access the database
If the connection string is not encrypted it is saved encrypted OK (first time)
Next time I call the function, I get an error on the last statement in the funcion returning the connection string, saying "NullReferenceException was unhandled by user code"
What am I thinking / doing wrong??

   Dim con As SqlConnection
   con = GetWebConfigCon("conPBIB")

------
   Function GetWebConfigCon(ByVal strCon As String) As SqlConnection
        Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration("~")
        Dim configSection As ConfigurationSection = config.GetSection("connectionStrings")

       'If not encrypted, do that:        
       If Not configSection.SectionInformation.IsProtected Then
            configSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
            config.Save()
       End If

       'Decrypt (to be able to read? Not saveā€¦)
        configSection.SectionInformation.UnprotectSection()

       'Return Connectionstring:
       GetWebConfigCon = New SqlConnection(ConfigurationManager.ConnectionStrings(strCon).ConnectionString)

    End Function

0
Joar
Asked:
Joar
  • 3
  • 2
1 Solution
 
mayank_joshiCommented:
For a web.config file with encrypted contents you dont need to Decrypt the  contents  before accessing the connection string. Whenever you access a content of web.config file the decryption is performed automatically.
0
 
mayank_joshiCommented:
Keep in mind that once the data is encrypted, when it's read from an ASP.NET page (i.e., reading the connection string information from a SqlDataSource control or programmatically, via ConfigurationManager.ConnectionStrings[connStringName].ConnectionString), ASP.NET automatically decrypts the connection string and returns the plain-text value. In other words, you don't need to change your code one iota after implementing encryption. Pretty cool!

Reference:-
http://www.4guysfromrolla.com/articles/021506-1.aspx
0
 
JoarAuthor Commented:
When I remove the statement:
        configSection.SectionInformation.UnprotectSection()

I next time get an error on the last statement in the funcion returning the connection string:
   'Return Connectionstring:
       GetWebConfigCon = New SqlConnection(ConfigurationManager.ConnectionStrings(strCon).ConnectionString)


saying "NullReferenceException was unhandled by user code"
as if it is not finding the value of strCon which is "conPBIB", because it is encrypted?

0
 
JoarAuthor Commented:
sorry, my problem. Seem to be specifying wrong connection string some where. Checking and coming back...
0
 
JoarAuthor Commented:
Thanks a lot!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now