Solved

Encryption / Decrypting Web.Config

Posted on 2012-03-22
2
258 Views
Last Modified: 2012-04-30
Hello,

I have a script below that will encrypt and decrypt my web.config file.
My question is if I have the web.config encrypted, how to I access the database name, username and password when I need to access the database?

Do I need to run the decrypt code everytime when I open up a database source?





code:
Public Sub Encrypt()
        Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = confg.GetSection(section)
        If confgSect IsNot Nothing Then
            confgSect.SectionInformation.ProtectSection(provider)
            confg.Save()
        End If
    End Sub

Public Sub Decrypt()
 Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = config.GetSection(section)
        If confgSect.SectionInformation.IsProtected Then
            confgSect.SectionInformation.UnprotectSection()
            config.Save()
        End If
End Sub

Thanks
0
Comment
Question by:jeffreyjseaman
2 Comments
 
LVL 75

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 250 total points
ID: 37754887
Why not decrypt it and grab the value from the file when your application starts? You encrypt the file so that someone who has access to the filesystem (be he authorized or not) cannot see your DB login credentials by simply opening the file. Someone would have to scan the memory of your machine to actually see the unencrypted values while your program was running.
0
 
LVL 20

Accepted Solution

by:
BuggyCoder earned 250 total points
ID: 37755860
you don't need to decrypt, actually there should not be any decrypt code ever in the application. it should only encrypt. the idea behind encryption is so that no one can see what is written in the section. When ever you will access any protected section, it will automatically be decrypted and value will be returned to you.

For example, if you encrypt conn string name conn, then to access it you only need to do:-

configurationmanager.connectionstrings["conn"];

that is it.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction When many people think of the WebBrowser (http://msdn.microsoft.com/en-us/library/2te2y1x6%28v=VS.85%29.aspx) control, they immediately think of a control which allows the viewing and navigation of web pages. While this is true, it's a…
It’s quite interesting for me as I worked with Excel using vb.net for some time. Here are some topics which I know want to share with others whom this might help. First of all if you are working with Excel then you need to Download the Following …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now