Encrypting Connection Strings in ASP.Net

You can encrypt the <connectionStrings> section of a web configuration file. This example contains an encrypted version of the Web.Config file that was created

<configuration>
<protectedData>
<protectedDataSections>
<add name="connectionStrings" provider="RsaProtectedConfigurationProvider"
inheritedByChildren="false" />
</protectedDataSections>
</protectedData>
<connectionStrings>
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey Recipient="" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>MPLyXy7PoZ8E5VPk6K/azkGumO5tpeuWRzxx4PfgKeFwFccKx/8Zc7app++0
4c/dX7jA3uvNniFHTW6eKvrkLOsW2m6MxaeeLEfR9ME51Gy5jLa1KIXfTXKuJbXeZdiwrjCRdIqQpEj4fGZvr
3KkwI5HbGAqgK4Uu7IfBajdTJM=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>CgnD74xMkcr7N4fgaHZNMps+e+if7dnEZ8xFw07kOBexaX+KyJvqtPuZiD2hW
Dpqt5EOw6YM0Fs2uI5ocetbb74+d4kfHorC0bEjLEV+zcsJVGi2dZ80ll6sW+Y99osupaxOfr
L3ld3mphMYrpcf+xafAs05s2x7H77TY01Y1goRaQ77tnkEIrQNQsHk/5eeptcE+A8scZSlaol
FRNSSCdyO1TiKjPHF+MtI/8qzr2T6yjYM5Z+ZQ5TeiVvpg/6VD7K7dArIDmkFMTuQgdQBSJ
UQ23dZ5V9Ja9HxqMGCea9NomBdhGC0sabDLxyPdOzGEAqOyxWKxqQM6Y0JyZKtPDg
==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>

Notice that the contents of the <connectionStrings> section are no longer visible.
However, an ASP.NET page can continue to read the value of the DemoData database connection string by using the <%$ ConnectionStrings:DemoData %> expression.

The easiest way to encrypt the <connectionStrings> section is to use the aspnet_regiis command-line tool. This tool is located in the following folder:
Executing the following command encrypts the <connectionStrings> section of a Web.Config file located in a folder with the path c:\Websites\DemoWebsite:

aspnet_regiis -pef connectionStrings "c:\Websites\DemoWebsite"

The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section located at a particular path.

You can decrypt a section with the -pdf option like this:

aspnet_regiis -pdf connectionStrings "c:\Websites\DemoWebsite"
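
A check to run after the encrypt and decrypt commands above, added here as an example and not taken from the original page: this PowerShell function reports, for each Web.config under a folder, whether its <connectionStrings> section is encrypted, still in plaintext, or moved to an external file. The function name and the two temp-folder sample files are assumptions constructed for the demonstration.

```powershell
# Added example: audit Web.config files for unencrypted <connectionStrings>.
# Get-ConnectionStringProtection is a hypothetical helper name, not a built-in cmdlet.
function Get-ConnectionStringProtection {
    param([Parameter(Mandatory = $true)][string]$SiteRoot)

    Get-ChildItem -Path $SiteRoot -Filter 'Web.config' -Recurse -File |
        ForEach-Object {
            $path = $_.FullName
            $xml  = New-Object System.Xml.XmlDocument
            try { $xml.Load($path) }
            catch {
                # Malformed XML is reported rather than silently skipped.
                [pscustomobject]@{ Path = $path; Status = 'Unreadable'; Detail = $_.Exception.Message }
                return
            }
            # local-name() matches whether or not <configuration> declares a default
            # namespace, and '//' also finds sections nested under <location>.
            foreach ($section in $xml.SelectNodes("//*[local-name()='connectionStrings']")) {
                $enc   = $section.SelectSingleNode("*[local-name()='EncryptedData']")
                $plain = $section.SelectNodes("*[local-name()='add'][@connectionString]")
                if ($enc) {
                    $alg    = $enc.SelectSingleNode("*[local-name()='EncryptionMethod']/@Algorithm")
                    $status = 'Encrypted'
                    $detail = if ($alg) { $alg.Value } else { 'algorithm not stated' }
                } elseif ($section.GetAttribute('configSource')) {
                    $status = 'External'; $detail = $section.GetAttribute('configSource')
                } elseif ($plain.Count -gt 0) {
                    $status = 'Plaintext'; $detail = "$($plain.Count) connection string(s) readable"
                } else {
                    $status = 'Empty'; $detail = ''
                }
                [pscustomobject]@{ Path = $path; Status = $status; Detail = $detail }
            }
        }
}

# Constructed sample input: one plaintext and one encrypted config in a temp folder.
$root = Join-Path ([IO.Path]::GetTempPath()) 'cs-audit-demo'
$a = Join-Path $root 'a'; $b = Join-Path $root 'b'
New-Item -ItemType Directory -Force -Path $a, $b | Out-Null
'<configuration><connectionStrings><add name="DemoData" connectionString="Server=.;Database=Demo" /></connectionStrings></configuration>' |
    Set-Content (Join-Path $a 'Web.config')
'<configuration><connectionStrings><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /></EncryptedData></connectionStrings></configuration>' |
    Set-Content (Join-Path $b 'Web.config')

Get-ConnectionStringProtection -SiteRoot $root | Format-Table -AutoSize
```

On the sample files the first config is reported as Plaintext and the second as Encrypted, with the Detail column showing the EncryptionMethod algorithm URI from the section.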