Solved

Encryption / Decrypting Web.Config

Posted on 2012-03-22
2
260 Views
Last Modified: 2012-04-30
Hello,

I have a script below that will encrypt and decrypt my web.config file.
My question is if I have the web.config encrypted, how to I access the database name, username and password when I need to access the database?

Do I need to run the decrypt code everytime when I open up a database source?





code:
Public Sub Encrypt()
        Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = confg.GetSection(section)
        If confgSect IsNot Nothing Then
            confgSect.SectionInformation.ProtectSection(provider)
            confg.Save()
        End If
    End Sub

Public Sub Decrypt()
 Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = config.GetSection(section)
        If confgSect.SectionInformation.IsProtected Then
            confgSect.SectionInformation.UnprotectSection()
            config.Save()
        End If
End Sub

Thanks
0
Comment
Question by:jeffreyjseaman
2 Comments
 
LVL 75

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 250 total points
ID: 37754887
Why not decrypt it and grab the value from the file when your application starts? You encrypt the file so that someone who has access to the filesystem (be he authorized or not) cannot see your DB login credentials by simply opening the file. Someone would have to scan the memory of your machine to actually see the unencrypted values while your program was running.
0
 
LVL 20

Accepted Solution

by:
BuggyCoder earned 250 total points
ID: 37755860
you don't need to decrypt, actually there should not be any decrypt code ever in the application. it should only encrypt. the idea behind encryption is so that no one can see what is written in the section. When ever you will access any protected section, it will automatically be decrypted and value will be returned to you.

For example, if you encrypt conn string name conn, then to access it you only need to do:-

configurationmanager.connectionstrings["conn"];

that is it.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

1.0 - Introduction Converting Visual Basic 6.0 (VB6) to Visual Basic 2008+ (VB.NET). If ever there was a subject full of murkiness and bad decisions, it is this one!   The first problem seems to be that people considering this task of converting…
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question