Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

encrypt connection string

Posted on 2011-09-29
4
Medium Priority
?
370 Views
Last Modified: 2012-05-12
hi,

im encrypting my asp.net connection strings on my dev environment like so

var config = WebConfigurationManager.
                OpenWebConfiguration("~");

            var section =
                config.GetSection("connectionStrings")
                as ConnectionStringsSection;

                      section.SectionInformation.ProtectSection(
                    "RSAProtectedConfigurationProvider");
                     config.Save();

Open in new window


When i deploy this the encrypted web.config to Live environment do i need to export a key from my dev environment? Or should I just run the encryption routine it on live?

Also what key does "RSAProtectedConfigurationProvider" use to do the encryption and what will stop someone accessing that key when it goes live?

Thanks very much
0
Comment
Question by:MrKevorkian
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 2000 total points
ID: 36815226
When i deploy this the encrypted web.config to Live environment do i need to export a key from my dev environment? Or should I just run the encryption routine it on live?
Also what key does it use to do the encryption and what is to stop someone accessing that key when it goes live?
IIRC, the encryption algorithm uses the machine key to encrypt the data. The only thing you should need to do is to run the asp helper application, aspnet_regiis.exe on the target machine to initially encrypt the sections using that machine's key. You would not deploy the key from your development server.


Also what key does it use to do the encryption and what is to stop someone accessing that key when it goes live?
As I stated, it should be the machine key that's used, so if someone has found access to that, you've probably got bigger problems going on  = )
0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 36815302
Thanks thats very useful.

So "RSAProtectedConfigurationProvider" uses IIRC?
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36815512
IIRC => "If I Recall Correctly"   = )
0
 
LVL 1

Author Comment

by:MrKevorkian
ID: 36815517
haha! thanks
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question