kaizenpro
asked on
Encrypting a web.config connection string
Hi,
I need to encrypt the connection string in my web.config file for my MVC5 project. The database is an Azure SQL database. I have never done encryption before and I am struggling.
First I followed instructions in this article - https://azure.microsoft.com/en-us/blog/securing-your-connection-string-in-windows-azure-part-1/ . But when it came to loading the files on to Azure, the link contained in the document was broken, and I couldn't find out where to upload them.
After some research, I found out that Azure Key Vault is the way forward, but I am struggling to find out how to use Key Vault as it is not in Azure Management Portal and to use it you need Powershell knowledge. I have tried to use Powershell as per this link https://channel9.msdn.com/Blogs/Windows-Azure/Azure-Key-Vault-Developer-Quick-Start only to find out that some of the commands are no longer in use.
Is there an easier method for me to follow? What other options do I have?
Thanks
I need to encrypt the connection string in my web.config file for my MVC5 project. The database is an Azure SQL database. I have never done encryption before and I am struggling.
First I followed instructions in this article - https://azure.microsoft.com/en-us/blog/securing-your-connection-string-in-windows-azure-part-1/ . But when it came to loading the files on to Azure, the link contained in the document was broken, and I couldn't find out where to upload them.
After some research, I found out that Azure Key Vault is the way forward, but I am struggling to find out how to use Key Vault as it is not in Azure Management Portal and to use it you need Powershell knowledge. I have tried to use Powershell as per this link https://channel9.msdn.com/Blogs/Windows-Azure/Azure-Key-Vault-Developer-Quick-Start only to find out that some of the commands are no longer in use.
Is there an easier method for me to follow? What other options do I have?
Thanks
Where is your application hosted? Azure or your own IIS on a dedicated/virtual server?
ASKER
Ste5an thanks for replying.
The application will be hosted on Azure and the SQL DB will be on Azure also.
The application will be hosted on Azure and the SQL DB will be on Azure also.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi...
You can do the following steps for it.
1. Open command prompt with administrator privileges
2. At the command prompt, enter
cd C:\Windows\Microsoft.NET\F ramework\v 4.0.30319
3. In case your web config is located in "D:\Articles\EncryptWebCon fig" directory path, then enter the following to encrypt the ConnectionString:
ASPNET_REGIIS -pef "connectionStrings" "D:\Articles\EncryptWebcon fig"
Use Aspnet_regiis.exe tool with the -pef option and specify the application path as shown above.
After Encrypting your ConnectionStrings section, your ConnectionStrings will not be in a readable format.
<configuration>
<connectionStrings configProtectionProvider=" RsaProtect edConfigur ationProvi der">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>ZbDTF00MYzUUW 5U3w3PU0rf iAH1UKhvuL SNWPmB/Yif BKne6HAWfV c3CnKVimyP 8SFyamaR5o AIAxj/xavf pox8EOYXNI +afsksiuA5 huSDupCZKN uXq+VCZrdI yn6YOq+W7s 3Ojlu7q9Vw KcoKurl28l 2hcPvWkBk1 1KYB7hr0=< /CipherVal ue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>42IPPRUjJxCND HEBLCAJI4/ NyLpLueZSB zUXO69lVdZ U8+nLpxO+o pnbZNxqddy zNnbCO1Uk2 Da3ljExkqn LIxT2zs90J AhZvJ5ljIg Cipq7ZEp7z HOpvTH9fBG oZJJWhgddd OrHZsLDE9m ILjlvBHDhP QrYcMHtY6o LIbxJq92it 82iBJv0fS7 v1S/o0p4hA tfky+6hXCZ WSKUJHr88N DrKe2EEK3m azD2QD5Ozf /w=</Ciphe rValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
Accessing Decrypted Configuration Settings
string ConnString = ConfigurationManager.Conne ctionStrin gs[1].ToSt ring();
Decrypting the Connection String
ASPNET_REGIIS -pdf "connectionStrings" "D:\Articles\EncryptWebCon fig"
You can do the following steps for it.
1. Open command prompt with administrator privileges
2. At the command prompt, enter
cd C:\Windows\Microsoft.NET\F
3. In case your web config is located in "D:\Articles\EncryptWebCon
ASPNET_REGIIS -pef "connectionStrings" "D:\Articles\EncryptWebcon
Use Aspnet_regiis.exe tool with the -pef option and specify the application path as shown above.
After Encrypting your ConnectionStrings section, your ConnectionStrings will not be in a readable format.
<configuration>
<connectionStrings configProtectionProvider="
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>ZbDTF00MYzUUW
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>42IPPRUjJxCND
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
Accessing Decrypted Configuration Settings
string ConnString = ConfigurationManager.Conne
Decrypting the Connection String
ASPNET_REGIIS -pdf "connectionStrings" "D:\Articles\EncryptWebCon