1

Just read this article http://tutorialslink.com/Articles/Encrypt-and-Decrypt-Connection-Strings-in-Webconfig/52

they said if we use this command then connection string will be encrypted aspnet_regiis.exe -pef "connectionStrings" "<Path of the Folder containing the Web.Config file>" and say this command will decrypt the connection string aspnet_regiis.exe -pdf "connectionStrings" "<Path of the Folder containing the Web.Config file>"

but the problem is if we follow this approach it may not work when we host our web site in different pc.

so please tell me what approach we should follow to encrypt / decrypt connection string or any section in web.config which will work in any pc.

thanks in advance.

Improve this question
2
  • Why would you want to do that in the first place? The connection string is supposed to be hidden from the outside anyway. Commented Apr 13, 2018 at 12:02
  • i want to do it even if anyone can hack web.config they will not be able to read db connection details easily. Commented Apr 13, 2018 at 12:11

1 Answer 1

Reset to default
1

I don't know how sensitive your data is, but I suppose you could try the following:

  1. Encrypt the connectionString manually first (for instance, with AES(Rijndael)).
  2. Paste the encrypted string in your web.config.

  3. Decrypt the string in your code, using something like this

    private string getConnectionString()
{
    string encrypted = System.Configuration.
          ConfigurationManager.AppSettings["connectionString"];

    //Rijndael or any other form of decryption here...
    //.....
    //.....

    return decryptedString;
}

  4. Use the decrypted connectionString to connect to your database! :)

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

i want to use anything in-built in asp.net which encrypt and decrypt data automatically. thanks for your reply.
Once you paste the encrypted string, you shouldn't have to worry about it :) Also, AES encryption is built right into the .NET Framework
the approach what you have explain that is normal encrypt decrypt operation but i am looking for something where asp.net will do it on behalf of developer. anyway thanks for your reply.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.