Introduction: In previous articles i explained How to encrypt and decrypt username,password and store in Sql Server database using asp.net and Encrypt and Decrypt connectionString in web.config file using code in asp.net and How to Encrypt Query String in asp.net(C#, VB) | Encrypting and Decrypting Query String in asp.net(C#, VB). and 20 differences between Stored procedures and Functions in Sql Server and Validate and upload image files in asp.net and What is Page.IsValid and Page.Validate in Asp.net.
Now i will explain How to Encrypt and Decrypt or we can say encode and decode connection string in web.config.As we know connectionstring in the web.config file contains the most sensitive information. No one wants to disclose the information related to his database to all the users where the application is deployed. So in this case you can encrypt the connection string.
Implementation: Let's create an application to understand
and In order to encrypt the connection string section in the web.config file follow the steps,
1. Go to Start -> All programs -> Microsoft Visual Studio 2010-> Visual studio Tools
-> Microsoft Visual Studio Command Prompt(2010)
2. Type following command in the command prompt,
aspnet_regiis.exe -pef “connectionStrings” D:\Projects\MyProject
Here “–pef” indicates that the application is built as File System website. The second argument is the name of configuration section that you want to encrypt. Third argument is the physical path where the web.config file is located. E.g. here in our case in D drive and the project name is MyProject.
In case if you are using IIS base web site then the command will be,
aspnet_regiis.exe -pe “connectionStrings” -app “/MyProject”
Here ” –pe” indicates that the application is built as IIS based site. The second argument is the name of configuration section that you want to encrypt. Third argument “-app” indicates virtual directory and last argument is the name of virtual directory where application is deployed.
If everything goes fine then you will receive a message “Encrypting configuration section…Succeeded!”
Now to check open your web.config file and you can see that connection string is in encrypted form like:
Now i will explain How to Encrypt and Decrypt or we can say encode and decode connection string in web.config.As we know connectionstring in the web.config file contains the most sensitive information. No one wants to disclose the information related to his database to all the users where the application is deployed. So in this case you can encrypt the connection string.
Implementation: Let's create an application to understand
- Suppose your connection string in web.config file look like:
<add name="MyDbCon" connectionString="Data Source=LocalServer;Initial Catalog=MyDataBase;Integrated
Security=True" />
</connectionStrings>
and In order to encrypt the connection string section in the web.config file follow the steps,
1. Go to Start -> All programs -> Microsoft Visual Studio 2010-> Visual studio Tools
-> Microsoft Visual Studio Command Prompt(2010)
2. Type following command in the command prompt,
aspnet_regiis.exe -pef “connectionStrings” D:\Projects\MyProject
Here “–pef” indicates that the application is built as File System website. The second argument is the name of configuration section that you want to encrypt. Third argument is the physical path where the web.config file is located. E.g. here in our case in D drive and the project name is MyProject.
In case if you are using IIS base web site then the command will be,
aspnet_regiis.exe -pe “connectionStrings” -app “/MyProject”
Here ” –pe” indicates that the application is built as IIS based site. The second argument is the name of configuration section that you want to encrypt. Third argument “-app” indicates virtual directory and last argument is the name of virtual directory where application is deployed.
If everything goes fine then you will receive a message “Encrypting configuration section…Succeeded!”
Now to check open your web.config file and you can see that connection string is in encrypted form like:
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>BtkULhGibSbuUXf+Sj7Ji4K7KTCvZkCHD4V/2cF1uZBqRxaZJDEfNyZ6VfCyZSzzhALRyAwXe6BSF5If4X755sZzwPeIB5/T0Xbf4A3k/U5zVh8GEeEej3Su6N+qY4RBJWg6YxXRTY40fsBqb8jgwBEC3QpoR1T4OZBvhJtqZaI=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>UUwuB9KVFnFwFHH85nBDe5hWoF0d1cDjA6ObR8U62zXh7NiRPLKNzCJe6LZN5+dhN986Vw9YPKldEJJK4MaNXkvI9pavHb/nY9Oeuhr/GjFAaThx9SEzgIO53TdYMqH0Fpg4ESfK0gCMvniX5cdvukCMETRnQxqXP3IoHaonADnsbzS9nE0drVHfF1E+v4LXtfiYjMLFH5XR88Vki+6R8gY8m3pks/RN</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
Note: You do not have to write
any code to decrypt this connection string in your application, because dotnet
automatically decrypts it. You can still use the connection string where you
want like.
ConfigurationManager.ConnectionStrings["MyDbCon"].ConnectionString;
In the same way if you want to decrypt the configuration section in web.config file use following command,
For File System Application the command will be
aspnet_regiis.exe -pdf “connectionStrings” D:\Projects\ MyProject
For IIS based Application the command will be:
aspnet_regiis.exe -pd “connectionStrings” -app “/MyProject”
ConfigurationManager.ConnectionStrings["MyDbCon"].ConnectionString;
In the same way if you want to decrypt the configuration section in web.config file use following command,
For File System Application the command will be
aspnet_regiis.exe -pdf “connectionStrings” D:\Projects\ MyProject
For IIS based Application the command will be:
aspnet_regiis.exe -pd “connectionStrings” -app “/MyProject”
Now over to you:
"If
you like my work; you can appreciate by leaving your comments, hitting Facebook
like button, following on Google+, Twitter, Linked in and Pinterest, stumbling
my posts on stumble upon and subscribing for receiving free updates directly to
your inbox . Stay tuned for more technical updates."
If you have any question about any post, Feel free to ask.You can simply drop a comment below post or contact via Contact Us form. Your feedback and suggestions will be highly appreciated. Also try to leave comments from your account not from the anonymous account so that i can respond to you easily..