How to encrypt decrypt connection string in webconfig file?
How to Secure Connection Strings, Encrypt Connection String
ASP.NET gives a built in way to do this. We can use RSAProtectedConfigurationProvider to encrypt the connection strings using User Level Key and Machine Level Key. User Level Key is used when you are running your application on a shared server and Machine Level Key is used when you are running your application on dedicated server.
DataProtectionConfgurationProvider (Machine Level Key):
This provider uses windows data protection application programming interface to encrypt and decrypt the data. The encrypting and decrypting of connection strings in web.config file will do by using aspnet_regiis.exe command line tool and code behind.
RSAProtectedConfigurationProvider (User Level Key):
This is default provider and uses the RSA public key encryption algorithm to encrypt and decrypt data.
Method 1st:
First we will do encryption and decryption using aspnet_regiis.exe command line tool in file system website
First we add a sample connection string in web.config file such as:
<connectionStrings>
<add
name="myconstr" connectionString="Driver={MySQL ODBC
3.51 Driver};SERVER=localhost;
DATABASE=demo;Port=3306;USER=root;PASSWORD=;Connect Timeout=0;" />
</connectionStrings>
After open command prompt type the following command:
There write this command on command prompt:
aspnet_regiis -pef "connectionStrings" "C:\Users\lepton\Desktop\Encrypt_Decrypt_constring"
Note: Here the "C:\Users\lepton\Desktop\Encrypt_Decrypt_constring" is the physical path of your website and pef indicates that the application is built as File System website. Review the web.config after this. You will find it encrypted.
Now open your application and check connectionStrings in web.config file that would be like this:
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData
Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>QbWzm6vEwhORJFaiuSvc4i9JQVqpnuaIsDlKFamVa8tyYkwwFKKykeyeHUytuHp7SeDEcHGc+6PnbCSM5d8QYuX9gnmteG7aiHK90RxU5L49ykVn9JXmzOlrzCzY9OcnsvWZWwjwtNS1F8msTRTKVvcws/a+yjOJxhWVPehSNV4=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>0v+GStk127QfUynaq2Ys5/BSsI55KRvX1vQymZRbFTASDnnuHZKi1slZkTsV72TdmeU2lN0tjAX+JJWwR2Vaicqc7WrxaHznprCPJgCOOhddQR4yERvGcDAiSQP5zfdnhC7vuv2Bo/mRIy8XodLs2Wpj5kRZD3i1wb5r7Za05g72A2pi74aZhgvDHSVFZqn03+QvkaTBXVSW5IGZJyXmLH/7jb0HTfpUnJwWuL0Qf7voTFo6Yw1pAI6wdW+EMcvyNwM22xrh4PVn/34yQLq3ARwIgYnDkK87YCZGNStVXrcJz+oUIeWcTw==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
Later on you can access this connection string as normal way in your pages:
ConfigurationManager.ConnectionStrings["myconstr"].ConnectionString
- To revert the web.config connection strings back to plain text:
aspnet_regiis -pdf "connectionStrings" "C:\Users\lepton\Desktop\Encrypt_Decrypt_constring"
Now check your connctionStrings section in your web.config file you will see decrypted connection string.
How to encrypt decrypt connection string in webconfig file?
Reviewed by Ravi Kumar
on
12:44 PM
Rating:
Reviewed by Ravi Kumar
on
12:44 PM
Rating:
