Search
Categories
  ASP.NET
Visual C#
Visual Basic
.NET Framework
ADO.NET
AJAX
LINQ
Java 		 
Tutorial Rating
 
3.5 out of 5


Total Votes: 12
         
1 2 3 4 5
 




Connection String Encryption in Web.config using C#

Author: Waqas Anwar - Posted Date: 26-March-2008 - Category: ASP.NET   
Bookmark and Share
Almost all ASP.NET web sites connect database and one of the best practices in ASP.NET is to store your database connection string outside your source code typically in web configuration file (web.config). This gives you benefit of changing your database related information such as the server name, user id or password without any modification or compilation of your source code. To provide additional security of important connection string information you should always encrypt your connection string in web.config file.
 
ASP.NET 2.0 allow you to encrypt and decrypt your connection string in web.config. In the following tutorial, I will show you how you can encrypt and decrypt connection strings in C# using .NET Framework built in classes available in System.Configuration and System.Web.Configuration namespaces.

To test the following code you should have your connection string in web.config file as following code shows:


<configuration>
 <connectionStrings>
       <add name="MyConnectionString" connectionString="Data Source=TestServer; Database=TestDB; User ID=test; Password=test" providerName="System.Data.SqlClient" />
</connectionStrings>
</configuration>
Here is the C# code to encrypt and decrypt connection string. Make sure you have reference of System.Configuration and System.Web.Configuration available to test this code.

Encryption

try
{
    Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
    ConfigurationSection section = config.GetSection("connectionStrings");
    if (!section.SectionInformation.IsProtected)
    {
        section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider");
        config.Save();
    }
}
catch (Exception ex)
{ }
Decryption

try
{
    Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
    ConfigurationSection section = config.GetSection("connectionStrings");
    if (section.SectionInformation.IsProtected)
    {
        section.SectionInformation.UnprotectSection();
        config.Save();
    }
}
catch (Exception ex)
{ }


RELATED TUTORIALS

  Using SqlConnectionStringBuilder class in C#
  Connection String Encryption in Web.config using VB.NET
  Storing Database Connection Strings in App.Config

LEAVE YOUR COMMENTS LEAVE YOUR COMMENTS
 Name (required)  
 Email (required
 Website


 
POSTED COMMENTS POSTED COMMENTS

Very informative tutorial. sir please tell me how to do this for desktop applications' configuration file.
Posted by Gentleman on Friday, April 23, 2010

sir please correct the mistake:
write "Here is C#.Net code for....." Instead of
"Here is visual basic.net code for....."
Posted by Gentleman on Friday, April 23, 2010

Typing error is fixed. Thanks for your comments.
Posted by Waqas Anwar on Friday, April 23, 2010

 


 
 
 

Categories

My Portfolio

Website Links


Copyright @ 2009 EzzyLearning.com