Solved

Encryption / Decrypting Web.Config

Posted on 2012-03-22
2
257 Views
Last Modified: 2012-04-30
Hello,

I have a script below that will encrypt and decrypt my web.config file.
My question is if I have the web.config encrypted, how to I access the database name, username and password when I need to access the database?

Do I need to run the decrypt code everytime when I open up a database source?





code:
Public Sub Encrypt()
        Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = confg.GetSection(section)
        If confgSect IsNot Nothing Then
            confgSect.SectionInformation.ProtectSection(provider)
            confg.Save()
        End If
    End Sub

Public Sub Decrypt()
 Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = config.GetSection(section)
        If confgSect.SectionInformation.IsProtected Then
            confgSect.SectionInformation.UnprotectSection()
            config.Save()
        End If
End Sub

Thanks
0
Comment
Question by:jeffreyjseaman
2 Comments
 
LVL 74

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 250 total points
ID: 37754887
Why not decrypt it and grab the value from the file when your application starts? You encrypt the file so that someone who has access to the filesystem (be he authorized or not) cannot see your DB login credentials by simply opening the file. Someone would have to scan the memory of your machine to actually see the unencrypted values while your program was running.
0
 
LVL 20

Accepted Solution

by:
BuggyCoder earned 250 total points
ID: 37755860
you don't need to decrypt, actually there should not be any decrypt code ever in the application. it should only encrypt. the idea behind encryption is so that no one can see what is written in the section. When ever you will access any protected section, it will automatically be decrypted and value will be returned to you.

For example, if you encrypt conn string name conn, then to access it you only need to do:-

configurationmanager.connectionstrings["conn"];

that is it.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

1.0 - Introduction Converting Visual Basic 6.0 (VB6) to Visual Basic 2008+ (VB.NET). If ever there was a subject full of murkiness and bad decisions, it is this one!   The first problem seems to be that people considering this task of converting…
Creating an analog clock UserControl seems fairly straight forward.  It is, after all, essentially just a circle with several lines in it!  Two common approaches for rendering an analog clock typically involve either manually calculating points with…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now