Solved

I need help connecting to my DB, securely, from my VB.Net application

Posted on 2016-10-27
5
49 Views
Last Modified: 2016-11-18
Hi Experts,
I just got a request asking me to remove, or encrypt the connection string information from my VB.Net WinForm applications.

A suggestion was to store the connection string in the database and retrieve it somehow.  How would I connect to the sql server database to retrieve my connection string if I don't have my credentials in my Vb.Net application?  How can this be accomplished?

Thanks in advance for your help,
mrotor
0
Comment
Question by:mainrotor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 70

Accepted Solution

by:
Éric Moreau earned 250 total points (awarded by participants)
ID: 41862865
0
 
LVL 21

Assisted Solution

by:Tapan Pattanaik
Tapan Pattanaik earned 250 total points (awarded by participants)
ID: 41862895
Hi mainrotor,

You can encrypt the connection string by following steps.

1. Open Command Prompt with "Run as administrator "
2. At the Command Prompt, enter: ( For .NET framework 4.0)

    cd C:\Windows\Microsoft.NET\Framework\v4.0.30319

In case your web Config is located in "D:\Project\EncryptWebConfig" directory path, then enter the following to encrypt the ConnectionString:

ASPNET_REGIIS -pef "connectionStrings" "D:\Project\EncryptWebConfig"

Use Aspnet_regiis.exe tool with the –pef option and specify the application path as shown above.

Similar  you can Decrypting the Connection String:

ASPNET_REGIIS -pdf "connectionStrings" "D:\Project\EncryptWebConfig"

For moredetails please check the below URL:

http://www.codeproject.com/Tips/795135/Encrypt-ConnectionString-in-Web-Config

Regards,
Tapan Pattanaik
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 41865572
nopoints:
@tapan: he is using a windows forms application not a web application therefor no web.config. ErgoÉric Moreau's suggestion of using app.config is correct
1
 
LVL 21

Expert Comment

by:Tapan Pattanaik
ID: 41865671
Hi David, You are correct. Thanks for the suggestion.

Hi  mainrotor,

The suggesting I have mentioned above having ID: 41862895 needs to be slightly changed. You have to temporarily rename the App.Config file to Web.Config for performing the above steps which I have mention having ID: 41862895.

Note: The aspnet_regiis.exe Command Line Utility of the Visual Studio does not recognize for App.Config files and hence we need to temporarily rename the App.Config file to Web.Config.

For more details Please check the below links:

http://www.aspsnippets.com/Articles/Encrypt-and-Decrypt-Connection-String-in-AppConfig-file.aspx
0
 
LVL 70

Expert Comment

by:Éric Moreau
ID: 41892672
both good but mine requires less manipulations
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question