Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to save database parameters for ASP.NET application

Posted on 2011-03-14
5
Medium Priority
?
507 Views
Last Modified: 2012-05-11
Hi,

we have a ASP.NET application (developped in VB 2008) that needs to connect to a remote SQL Server 2008 Express database. Application will be deploy on a Windows 7 Pro and a Windows 2008 64-bits server. What is the best way to save the database connection parameters? Those parameters cannot be hardcoded and neither kept into the registry.

thanks for your time and help
0
Comment
Question by:Dominic34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 23

Assisted Solution

by:Saqib Khan
Saqib Khan earned 1000 total points
ID: 35131674
I would encrypt the parameter information and then would save them into web.config file

web.config cannot be accessed by web users, and if someone has access to server they can not read anythign as long as parameter info is encrypted.
http://www.google.com/url?sa=t&source=web&cd=1&ved=0CB8QFjAA&url=http%3A%2F%2Fwww.codeproject.com%2FKB%2Fsecurity%2FSimpleEncryption.aspx&rct=j&q=asp.net%20encryption&ei=rmd-TcfKMOe70QGxqtTbAw&usg=AFQjCNF0WU4IWqUtlcElDzpRRdFD0gJMiQ&cad=rjt
0
 
LVL 1

Accepted Solution

by:
pjbaratelli earned 1000 total points
ID: 35131699
Read this article for storing information in webconfigs.

http://peterkellner.net/2008/02/23/webconfigbestpractice/

Encrypting the information is a very good idea.

Almost all my site settings are stored in the Registry.  This was done to avoid the security team from hacking into the web.config file years ago (At the beginning, Framework 1.0).   To date, no one has penetrated this (we have had several penetration tests).  Here is the sample code.  

The one Administrative benefit for this method is management of settings is easier for a network administrator as well as moving the sites from one server to another (or so I have been told ).

Below is some sample code to store information in the registry.  You will need to give read permissions to some account (ask the system administrator, but  I think it is network services)

Imports System.Runtime.InteropServices
Imports System.Net
Imports System.IO
Imports System.Security.Permissions
Imports Microsoft.Win32
Imports System.Data

<Assembly: RegistryPermissionAttribute(SecurityAction.RequestMinimum, ViewAndModify:="HKEY_LOCAL_MACHINE")> 

Public Class RcisWebConfig
    ' Standard private variables
    Private p_RegistryPath As String = "SOFTWARE\[CompanyName]\[AppName]"
    Private p_RegistryKey As RegistryKey

    ' Custom private variables
    Private p_DBConnectionString As String


#Region "Properties"

    Public ReadOnly Property DBConnectionString() As String

        Get
            Return Me.p_DBConnectionString
        End Get

    End Property

#End Region

#Region "Constructors"

    Public Sub New()

        Me.p_DBConnectionString = "Initialized"
        Me.LoadSettings()

    End Sub

#End Region

    Private Sub LoadSettings()

        p_RegistryKey = Registry.LocalMachine.OpenSubKey(p_RegistryPath)
        Me.p_DBConnectionString = Me.p_RegistryKey.GetValue("DBConnectionString").ToString()

    End Sub

End Class

Open in new window

0
 
LVL 12

Expert Comment

by:mwochnick
ID: 35132706
0
 

Author Closing Comment

by:Dominic34
ID: 35137211
thanks for the replies. We will use the web.config and we will also look for encrypted registry. thanks for the links mwochnick, it could certainly be really usefull.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
Sometimes in DotNetNuke module development you want to swap controls within the same module definition.  In doing this DNN (somewhat annoyingly) swaps the Skin and Container definitions to the default admin selections.  To get around this you need t…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question