Solved

How to encrypt my connection string ?

Posted on 2014-10-06
6
265 Views
Last Modified: 2014-10-06
i am using c# windows application. I am maintaining connection string information in machine.config file. How to encrypt my connection string in machine.config file and how to decrypt during accessing the application ?
0
Comment
Question by:Varshini S
6 Comments
 
LVL 27

Assisted Solution

by:Sammy
Sammy earned 250 total points
ID: 40364472
You can encrypt and de-crypt any config file by using the DataProtectionConfigurationProvider
see the demo here http://www.codeproject.com/Tips/598863/EncryptionplusDecryptionplusConnectionplusStringpl

just a side note, you shouldn't encrypt the machine.config, you should use an app.confg in your application and encrypt it. the machine.config is a machine level configuration file and should not be touched by a single app.
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 40364525
I concur with the above. Take advantage of IIS's ability to cascade configuration files. Place--if not already there--a top-level config file in your IIS application directory, and then put your connection strings there. You should rarely ever need to edit machine.config.
0
 

Author Comment

by:Varshini S
ID: 40364664
kaufmed - It is the windows application.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Varshini S
ID: 40364668
Sammy: i have used the sample application but when i use the encrypted values in my app.config file in the run time it is showing exception

An unhandled exception of type 'System.NullReferenceException' occurred in WindowsFormsApplication1.exe
0
 

Author Comment

by:Varshini S
ID: 40364678
Sammy:

My app.config file
<?xml version="1.0" encoding="utf-8" ?>
<configuration  xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <!--<startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>-->

  <connectionStrings>
      <clear/>
       <add name="DB2" connectionString="Data Source=SSA1\SQLEXPRESS2012;
    Initial Catalog=SAMPLE1;User ID=sa;Password=****" />


  </connectionStrings>
  


</configuration>

Open in new window


Encrypted key:


<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
        <EncryptedData>
            <CipherData>
                <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAGZ2bsBCKa0CfJWgESf/8pwQAAAACAAAAAAAQZgAAAAEAACAAAACPGC/IdWub2/OstAr43HQTRK8M90ds85G9/ZXCliVVPQAAAAAOgAAAAAIAACAAAABPyahInoV8/zMY7LxKpDR8hdE7xjzMqzZyw1sFjSfPWTAAAACrT/Jz+t/IdOgsJqEI2CE8xf0CsN8zgw7iZ0FMne2FTdJRn+8qIYkENxRtwy0LvhJAAAAA8f9QA+Y0Yh2/DlSFNKlJF51+gcN16sLjfqKV6UXXJtlzWPXztK3yhlVppq5cHkAHWe1JZy8852hjvVGQ3n0MSA==</CipherValue>
            </CipherData>
        </EncryptedData>
    </connectionStrings>
</configuration>

Open in new window

0
 
LVL 69

Accepted Solution

by:
Éric Moreau earned 250 total points
ID: 40364986
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Najam
Having new technologies does not mean they will completely replace old components.  Recently I had to create WCF that will be called by VB6 component.  Here I will describe what steps one should follow while doing so, please feel free to post any qu…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now