All geek questions in one place

How to encrypt a connection in web.config

I have connection strings in a web configuration file:

 <connectionStrings>
    <add name = "ConString2" connectionString = "Data Source = testdb; Persist Security Info = True; User ID = test; Password = test; Unicode = True;" providerName = "System.Data.OracleClient" />
    <add name = "ConString3" connectionString = "Data Source = testdb; Persist Security Info = True; User ID = test; Password = test; Unicode = True;" providerName = "Oracle.DataAccess.Client" />
  </connectionStrings>

I want to save the connection string in an encrypted format, and when I use to extract data from the database, I want to decrypt the connection and connect to the database.

+4
source share
2 answers

Please check this link https://msdn.microsoft.com/en-us/library/dx0f3cf2(v=vs.85).aspx

This is standard connection processing using IIS. You can perform your own encryption. for example, take any encrpytion tool and encrypt the connection. Before passing the connection string. Decrypt it.

Password Encryption / Decryption Code in .NET

+2
source

You can encrypt the web configuration file using "aspnet_regiis.exe". This file is located in the following location: % WINDIR% \ Microsoft.NET \ Framework \

so change the command line directory to the above location and then type:

 aspnet_regiis.exe -pef section physical_directory
  -- or --
aspnet_regiis.exe -pe section -app virtual_directory

example:

aspnet_regiis.exe -pef "connectionStrings" "C:\folder_where_webconfig_file_exit"

and ASP.Net will handle decryption of the connection string.

:

http://www.asp.net/web-forms/overview/data-access/advanced-data-access-scenarios/protecting-connection-strings-and-other-configuration-information-cs

http://weblogs.asp.net/sreejukg/securing-sections-in-web-config

+1

Source: https://habr.com/ru/post/1599814/

More articles:


All Articles