Solved

Encryption / Decrypting Web.Config

Posted on 2012-03-22
2
259 Views
Last Modified: 2012-04-30
Hello,

I have a script below that will encrypt and decrypt my web.config file.
My question is if I have the web.config encrypted, how to I access the database name, username and password when I need to access the database?

Do I need to run the decrypt code everytime when I open up a database source?





code:
Public Sub Encrypt()
        Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = confg.GetSection(section)
        If confgSect IsNot Nothing Then
            confgSect.SectionInformation.ProtectSection(provider)
            confg.Save()
        End If
    End Sub

Public Sub Decrypt()
 Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath)
        Dim confgSect As ConfigurationSection = config.GetSection(section)
        If confgSect.SectionInformation.IsProtected Then
            confgSect.SectionInformation.UnprotectSection()
            config.Save()
        End If
End Sub

Thanks
0
Comment
Question by:jeffreyjseaman
2 Comments
 
LVL 75

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 250 total points
ID: 37754887
Why not decrypt it and grab the value from the file when your application starts? You encrypt the file so that someone who has access to the filesystem (be he authorized or not) cannot see your DB login credentials by simply opening the file. Someone would have to scan the memory of your machine to actually see the unencrypted values while your program was running.
0
 
LVL 20

Accepted Solution

by:
BuggyCoder earned 250 total points
ID: 37755860
you don't need to decrypt, actually there should not be any decrypt code ever in the application. it should only encrypt. the idea behind encryption is so that no one can see what is written in the section. When ever you will access any protected section, it will automatically be decrypted and value will be returned to you.

For example, if you encrypt conn string name conn, then to access it you only need to do:-

configurationmanager.connectionstrings["conn"];

that is it.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I think the Typed DataTable and Typed DataSet are very good options when working with data, but I don't like auto-generated code. First, I create an Abstract Class for my DataTables Common Code.  This class Inherits from DataTable. Also, it can …
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question