Solved

encrypt connection string

Posted on 2011-09-29
4
363 Views
Last Modified: 2012-05-12
hi,

im encrypting my asp.net connection strings on my dev environment like so

var config = WebConfigurationManager.
                OpenWebConfiguration("~");

            var section =
                config.GetSection("connectionStrings")
                as ConnectionStringsSection;

                      section.SectionInformation.ProtectSection(
                    "RSAProtectedConfigurationProvider");
                     config.Save();

Open in new window


When i deploy this the encrypted web.config to Live environment do i need to export a key from my dev environment? Or should I just run the encryption routine it on live?

Also what key does "RSAProtectedConfigurationProvider" use to do the encryption and what will stop someone accessing that key when it goes live?

Thanks very much
0
Comment
Question by:MrKevorkian
  • 2
  • 2
4 Comments
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 500 total points
ID: 36815226
When i deploy this the encrypted web.config to Live environment do i need to export a key from my dev environment? Or should I just run the encryption routine it on live?
Also what key does it use to do the encryption and what is to stop someone accessing that key when it goes live?
IIRC, the encryption algorithm uses the machine key to encrypt the data. The only thing you should need to do is to run the asp helper application, aspnet_regiis.exe on the target machine to initially encrypt the sections using that machine's key. You would not deploy the key from your development server.


Also what key does it use to do the encryption and what is to stop someone accessing that key when it goes live?
As I stated, it should be the machine key that's used, so if someone has found access to that, you've probably got bigger problems going on  = )
0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 36815302
Thanks thats very useful.

So "RSAProtectedConfigurationProvider" uses IIRC?
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36815512
IIRC => "If I Recall Correctly"   = )
0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 36815517
haha! thanks
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question