2

I know how to use System.Configuration.SectionInformation.ProtectSection to encrypt and decrypt connection string in app.config (VS 2010, C#, .Net 3.5), however I suppose that any one who know this method can take the encrypted string and decrypt it, right?

If not, please tell me why. If yes, is there any work around? I searched but could not find any help.

Improve this question
6
  • Possible duplicate of stackoverflow.com/questions/7324258/… which has a really good answer. Does that answer your question? Commented Sep 27, 2016 at 12:45
  • no, not what I need. Commented Sep 27, 2016 at 12:46
  • Why the sql tag? (I see no SQL connection at all.) Commented Sep 27, 2016 at 12:47
  • Have you looked into RSA? new System.Security.Cryptography.RSACryptoServiceProvider() Commented Sep 27, 2016 at 12:49
  • No, because the encryption key is stored on your PC. So 'any one' would need to have access to your computer to decrypt the section. As explained in the link provided by @RobLang Commented Sep 27, 2016 at 12:49

2 Answers 2

Reset to default
1

When a string is encrypted it uses a certificate installed on the machine to perform the encryption so you would need the string and the machine key to decrypt it.

The full instructions on encrypting sections of the configuration are on MSDN.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

To decrypt connection string info you can use below method:

Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section.SectionInformation.IsProtected)
{
   section.SectionInformation.UnprotectSection();
   config.Save();
}

Read the full information from this article.

Improve this answer

Comments