Introduction
This article shows how to encrypt the connection string in Web.config to increase security and keep the connection with the database secure. It also answers whether the encrypted value needs to be decrypted in code or can be used directly.
Why Encryption Is Required
In many of my articles I used the connectionStrings section in the web.config file to store the database connection. The connectionStrings section contains sensitive information about database connections, including the username and password of the database.
Encrypting the sensitive sections of Web.config is important because they are just that: sensitive. Think about a production Web.config file. It may contain all the information required to run your web application. There are often passwords for SQL database connections, SMTP servers, API keys, or other critical information. In addition, Web.config files are usually treated as just another source code file, which means any developer on the team, or more accurately anyone with access to the source code, can see what is stored in the Web.config file.
If we run applications on our own internal servers with security in place, this is acceptable, but if we deploy our applications in a shared hosting environment, security problems can arise. To avoid these problems, we encrypt the connection string.
Encrypt ConnectionString
Here we will encrypt the connection string in web.config using the aspnet_regiis.exe command-line tool.
While you are working on your web application, the connection string in web.config looks similar to the one below. Before encryption:
<configuration>
  <connectionStrings>
    <add name="ConStr" connectionString="Data Source=JP-PC;Integrated Security=true;Initial Catalog=TestDB;" />
  </connectionStrings>
</configuration>
Step 1 - Go to Windows All Programs ==> Visual Studio 2015 (in my case it is VS 2015)
Step 2 - Click on Visual Studio 2015 to expand it and right-click on Developer Console
Step 3 - Run Developer Console as an Administrator
Step 4 - Paste the command below into the CMD window
cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
After this, use this command:
ASPNET_REGIIS -pef "connectionStrings" "D:\JP_Projects\MyWebApp"
NOTE - Here "D:\JP_Projects\MyWebApp" is my project path, where web.config is located. In your case, open the folder containing Web.config from Visual Studio and paste that path into the console.
After successful encryption, the connection string might look like this
We don't need to write any code to decrypt the encrypted connectionString in our application, because .NET decrypts it automatically. To use the connection string, just read it in the normal way. With the default provider, the key is kept in a key container on the machine where the command was run, so run the command on the server that hosts the application.
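// Requires "using System.Configuration;". The encrypted section is decrypted transparently when it is read.
string ConString = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;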
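A check to run after Step 4, as an added example (not code from the original article): it parses a Web.config and reports whether the connectionStrings section is still plaintext, carries an inline password, or has been replaced by an EncryptedData element. The sample documents are constructed, the cipher text is a placeholder, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XMLENC_NS = "{http://www.w3.org/2001/04/xmlenc#}"  # XML Encryption namespace
CREDENTIAL_KEYS = {"password", "pwd"}

# Constructed samples: the article's plaintext section, a variant with a SQL
# login, and the general shape of a protected section (placeholder cipher text).
PLAINTEXT_PAGE = """<configuration><connectionStrings>
  <add name="ConStr" connectionString="Data Source=JP-PC;Integrated Security=true;Initial Catalog=TestDB;" />
</connectionStrings></configuration>"""
PLAINTEXT_SQL_LOGIN = """<configuration><connectionStrings>
  <add name="ConStr" connectionString="Data Source=JP-PC;Initial Catalog=TestDB;User ID=app;Password=example-only" />
</connectionStrings></configuration>"""
ENCRYPTED = """<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                 xmlns="http://www.w3.org/2001/04/xmlenc#">
    <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
  </EncryptedData>
</connectionStrings></configuration>"""

def has_credentials(conn_str):
    """True if a connection string carries a non-empty inline password."""
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip().lower() in CREDENTIAL_KEYS and value.strip():
            return True
    return False

def audit_connection_strings(web_config_xml):
    """Classify the <connectionStrings> section of a Web.config document."""
    root = ET.fromstring(web_config_xml)
    section = root.find("connectionStrings")
    if section is None:
        return "missing"
    if section.get("configSource"):
        return "external"  # section lives in another file; audit that file too
    entries = section.findall("add")
    if section.find(XMLENC_NS + "EncryptedData") is not None and not entries:
        return "encrypted"
    if any(has_credentials(e.get("connectionString", "")) for e in entries):
        return "plaintext-with-credentials"
    return "plaintext" if entries else "empty"

if __name__ == "__main__":
    for name in ("PLAINTEXT_PAGE", "PLAINTEXT_SQL_LOGIN", "ENCRYPTED"):
        print(name, "->", audit_connection_strings(globals()[name]))
```

A result other than "encrypted" for a deployed Web.config means the aspnet_regiis step was skipped or was run against a different path.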