Encrypting Connection Strings
Language: .NET
Category: Miscellaneous

If you are an ASP.NET developer, you know that all the configuration information is stored in the web.config file, a plain-text file that can easily be opened in any text editor such as Notepad or WordPad. We store all the important information there, such as connection strings, user names, and passwords. That means we are keeping sensitive information in an unprotected text file.
However, we can easily encrypt the sensitive information in configuration files.

ASP.NET 2.0 introduced the Protected Configuration model, which allows you to encrypt data using two Protected Configuration providers. They are:

RsaProtectedConfigurationProvider: This is the default provider. It uses the RSA public-key encryption algorithm to encrypt and decrypt data.

DataProtectionConfigurationProvider: This provider uses the Windows Data Protection Application Programming Interface (DPAPI) to encrypt and decrypt data.

Next step: through code
1) Sample web.config file

    <configuration>
      <appSettings/>
      <connectionStrings>
        <add name="NorthwindConnectionString" connectionString="Data Source=ARAS02-XP;Initial Catalog=Northwind;User ID=sa"
             providerName="System.Data.SqlClient" />
      </connectionStrings>
      <system.web>
        <compilation debug="true"/>
        <authentication mode="Windows"/>
        <pages theme="Theme1" />
      </system.web>
    </configuration>

2) Add a new form and, in its code-behind, add the following:

    using System.Web.Configuration;
    using System.Web.Security;
    using System.Configuration;

    public void EncryptConnString()
    {
        // Open the web.config of the current application.
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection("connectionStrings");

        // Encrypt the section only if it is not already protected.
        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
            config.Save();
        }
    }

When this method runs, it produces a new, encrypted web.config:

    <?xml version="1.0"?>
    <!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
    -->
    <configuration>
      <appSettings/>
      <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
        <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                       xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
              <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <KeyName>Rsa Key</KeyName>
              </KeyInfo>
              <CipherData>
                <CipherValue>jWmekeNh1TC5Bf5RG2RWo8TU0qLoSF9IdSSpWMgiAjeCUqvPfo/XQr/zzLz4kdHUvCbbrSPX92YOpfv0YKSKO1mlEwE9LA57W9oo/0H7E8feO0flheoNdow9Tw8RVaM7meM8CqODladWD8Vr8G9mk17gWBFByWboIBMzWQ6Rp7U=</CipherValue>
              </CipherData>
            </EncryptedKey>
          </KeyInfo>
          <CipherData>
            <CipherValue>7goUfwnWEqyrTFZXMBcD2eW+15j+eYyzq/YS/GpMX2NTMOrfJ6BHFy4Xr+kGEhLsckrGARfbQFsNLctL7wPBAMucnS0g2nbeMLKH1PPGjvBXjsdrvDUJ50w9CyvQ0dOqBb2Kdx0aEvmxCfCy/xLbkYPE6t/LGjVHUJFySVs4SjWhR4sLxzkxuTRSA3kq+2woobOfzIUSqOsO035SYiOYynQf2QcfodYZgT4U2KVsflUHR6Zk/iiTIh0+t1y0cMioFHkkHM8NDdjnYHToNhAP67GrulM/nAsTiMuAW4ElX/MomWAFngKmJvDqo8oKVWXY</CipherValue>
          </CipherData>
        </EncryptedData>
      </connectionStrings>
      <system.web>
        <!--
        Set compilation debug="true" to insert debugging
        symbols into the compiled page. Because this
        affects performance, set this value to true only
        during development.
        -->
        <compilation debug="false" />
        <!--
        The <authentication> section enables configuration
        of the security authentication mode used by
        ASP.NET to identify an incoming user.
        -->
        <authentication mode="Windows" />
        <!--
        The <customErrors> section enables configuration
        of what to do if/when an unhandled error occurs
        during the execution of a request. Specifically,
        it enables developers to configure html error pages
        to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
        <error statusCode="403" redirect="NoAccess.htm" />
        <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
      </system.web>
    </configuration>

To bring the configuration file back to its original state, run the following method:

    public void DecryptConnString()
    {
        // Open the web.config of the current application.
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection("connectionStrings");

        // Decrypt the section only if it is currently protected.
        if (section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }
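
An added example (not part of the original article): a small C# audit that checks whether a web.config still holds its connection strings in clear text, by looking for the configProtectionProvider attribute and EncryptedData element shown in the encrypted file above. The class name WebConfigAudit, the list of credential keys, and the sample XML are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Linq;
using System.Xml.Linq;

public static class WebConfigAudit
{
    // Connection-string keys that reveal an account or its secret (assumed list).
    static readonly string[] CredentialKeys = { "password", "pwd", "user id", "uid" };

    // Returns one finding per connection string that is stored in clear text.
    public static List<string> Audit(string webConfigXml)
    {
        var findings = new List<string>();
        // Match on local names so a namespaced <configuration> root is handled too.
        XElement section = XDocument.Parse(webConfigXml).Root.Elements()
            .FirstOrDefault(e => e.Name.LocalName == "connectionStrings");
        if (section == null) return findings;             // no section, nothing to report

        // A protected section names its provider and contains only <EncryptedData>.
        bool isProtected = section.Attribute("configProtectionProvider") != null
            && section.Elements().Any(e => e.Name.LocalName == "EncryptedData");
        if (isProtected) return findings;

        foreach (XElement add in section.Elements().Where(e => e.Name.LocalName == "add"))
        {
            string name = (string)add.Attribute("name") ?? "(unnamed)";
            var parsed = new DbConnectionStringBuilder();
            try { parsed.ConnectionString = (string)add.Attribute("connectionString") ?? ""; }
            catch (ArgumentException) { findings.Add(name + ": unparsable connection string"); continue; }

            // ContainsKey is case-insensitive, so "User ID" matches "user id".
            List<string> exposed = CredentialKeys.Where(parsed.ContainsKey).ToList();
            findings.Add(name + ": plaintext" +
                (exposed.Count > 0 ? ", exposes " + string.Join(", ", exposed) : ""));
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample modelled on the unencrypted web.config above.
        string sample = @"<configuration><connectionStrings>
            <add name=""NorthwindConnectionString"" providerName=""System.Data.SqlClient""
                 connectionString=""Data Source=ARAS02-XP;Initial Catalog=Northwind;User ID=sa"" />
          </connectionStrings></configuration>";
        foreach (string finding in Audit(sample)) Console.WriteLine(finding);
    }
}
```

A section that passes this check is protected only at rest: ASP.NET decrypts it transparently at run time, so code running inside the application still reads the plaintext connection string.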

About the author:

Planet Source Code is a place for all developers, providing free source code, articles, complete projects, and complete applications in PHP, C/C++, JavaScript, Visual Basic, COBOL, Pascal, ASP/VBScript, AJAX, SQL, Perl, Python, Ruby, and mobile development.
