Solved

Encryption / Decrypting Web.Config

Posted on 2012-03-22
2
261 Views
Last Modified: 2012-04-30
Hello,

I have a script below that will encrypt and decrypt my web.config file.
My question is if I have the web.config encrypted, how to I access the database name, username and password when I need to access the database?

Do I need to run the decrypt code everytime when I open up a database source?





code:
Public Sub Encrypt()
        Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = confg.GetSection(section)
        If confgSect IsNot Nothing Then
            confgSect.SectionInformation.ProtectSection(provider)
            confg.Save()
        End If
    End Sub

Public Sub Decrypt()
 Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = config.GetSection(section)
        If confgSect.SectionInformation.IsProtected Then
            confgSect.SectionInformation.UnprotectSection()
            config.Save()
        End If
End Sub

Thanks
0
Comment
Question by:jeffreyjseaman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 75

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 250 total points
ID: 37754887
Why not decrypt it and grab the value from the file when your application starts? You encrypt the file so that someone who has access to the filesystem (be he authorized or not) cannot see your DB login credentials by simply opening the file. Someone would have to scan the memory of your machine to actually see the unencrypted values while your program was running.
0
 
LVL 20

Accepted Solution

by:
BuggyCoder earned 250 total points
ID: 37755860
you don't need to decrypt, actually there should not be any decrypt code ever in the application. it should only encrypt. the idea behind encryption is so that no one can see what is written in the section. When ever you will access any protected section, it will automatically be decrypted and value will be returned to you.

For example, if you encrypt conn string name conn, then to access it you only need to do:-

configurationmanager.connectionstrings["conn"];

that is it.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A while ago, I was working on a Windows Forms application and I needed a special label control with reflection (glass) effect to show some titles in a stylish way. I've always enjoyed working with graphics, but it's never too clever to re-invent …
Introduction As chip makers focus on adding processor cores over increasing clock speed, developers need to utilize the features of modern CPUs.  One of the ways we can do this is by implementing parallel algorithms in our software.   One recent…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question