kaizenpro

Encrypting a web.config connection string

Hi,

I need to encrypt the connection string in my web.config file for my MVC5 project. The database is an Azure SQL database. I have never done encryption before and I am struggling.

First I followed instructions in this article - https://azure.microsoft.com/en-us/blog/securing-your-connection-string-in-windows-azure-part-1/ . But when it came to loading the files on to Azure, the link contained in the document was broken, and I couldn't find out where to upload them.

After some research, I found out that Azure Key Vault is the way forward, but I am struggling to find out how to use Key Vault as it is not in the Azure Management Portal and to use it you need PowerShell knowledge. I have tried to use PowerShell as per this link https://channel9.msdn.com/Blogs/Windows-Azure/Azure-Key-Vault-Developer-Quick-Start only to find out that some of the commands are no longer in use.

Is there an easier method for me to follow? What other options do I have?

Thanks
ste5an

Where is your application hosted? Azure or your own IIS on a dedicated/virtual server?
kaizenpro

ASKER

Ste5an, thanks for replying.

The application will be hosted on Azure and the SQL DB will be on Azure also.
ASKER CERTIFIED SOLUTION
Zachariah Browning

Hi...
You can do the following steps for it.

1. Open a command prompt with administrator privileges.
2. At the command prompt, enter:
      cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
3. If your web.config is located in the "D:\Articles\EncryptWebConfig" directory, enter the following to encrypt the connection string:
      ASPNET_REGIIS -pef "connectionStrings" "D:\Articles\EncryptWebConfig"

Use the Aspnet_regiis.exe tool with the -pef option and specify the application path as shown above.

After encrypting your connectionStrings section, your connection strings will not be in a readable format.

<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
      xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>ZbDTF00MYzUUW5U3w3PU0rfiAH1UKhvuLSNWPmB/YifBKne6HAWfVc3CnKVimyP8SFyamaR5oAIAxj/xavfpox8EOYXNI+afsksiuA5huSDupCZKNuXq+VCZrdIyn6YOq+W7s3Ojlu7q9VwKcoKurl28l2hcPvWkBk11KYB7hr0=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>42IPPRUjJxCNDHEBLCAJI4/NyLpLueZSBzUXO69lVdZU8+nLpxO+opnbZNxqddyzNnbCO1Uk2Da3ljExkqnLIxT2zs90JAhZvJ5ljIgCipq7ZEp7zHOpvTH9fBGoZJJWhgdddOrHZsLDE9mILjlvBHDhPQrYcMHtY6oLIbxJq92it82iBJv0fS7v1S/o0p4hAtfky+6hXCZWSKUJHr88NDrKe2EEK3mazD2QD5Ozf/w=</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>

Accessing Decrypted Configuration Settings
string ConnString = ConfigurationManager.ConnectionStrings[1].ToString();

Decrypting the Connection String
ASPNET_REGIIS -pdf "connectionStrings" "D:\Articles\EncryptWebConfig"
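
A pre-deployment check for the result of the steps above, as an added example that is not part of the original answer: it parses a web.config and reports whether the connectionStrings section is still in clear text or holds the EncryptedData block that the -pef option produces, along with the algorithms named in it. The function name, status labels and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
XENC = "{http://www.w3.org/2001/04/xmlenc#}"  # XML Encryption namespace

# Constructed sample: a clear-text section, as it looks before encryption.
PLAINTEXT = """<configuration>
  <connectionStrings>
    <add name="DefaultConnection" providerName="System.Data.SqlClient"
         connectionString="Server=tcp:example.invalid;User ID=app;Password=CONSTRUCTED" />
  </connectionStrings>
</configuration>"""

# Constructed sample: same layout as the encrypted section above, placeholder cipher values.
ENCRYPTED = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <CipherData><CipherValue>Q09OU1RSVUNURUQ=</CipherValue></CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData><CipherValue>Q09OU1RSVUNURUQ=</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>"""

def audit_connection_strings(config_xml):
    """Report how the <connectionStrings> section of a web.config is stored."""
    section = ET.fromstring(config_xml).find("connectionStrings")
    if section is None:
        return {"status": "absent", "provider": None, "algorithms": [], "plaintext": []}
    provider = section.get("configProtectionProvider")
    encrypted = section.find(XENC + "EncryptedData")
    # Document order: the data cipher first, then the cipher that wraps its key.
    algorithms = [m.get("Algorithm", "").rsplit("#", 1)[-1]
                  for m in section.iter(XENC + "EncryptionMethod")]
    # <add> children are only present while the section is readable.
    plaintext = [a.get("name") for a in section.findall("add")]
    if plaintext:
        status = "plaintext"
    elif provider and encrypted is not None:
        status = "protected"
    else:
        status = "empty" if provider is None and encrypted is None else "inconsistent"
    return {"status": status, "provider": provider, "algorithms": algorithms, "plaintext": plaintext}

if __name__ == "__main__":
    print(audit_connection_strings(PLAINTEXT), audit_connection_strings(ENCRYPTED), sep="\n")
```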