Encrypt or Decrypt Connection Strings in web.config

Deploy applications in hosting environment we have to take care of application security items or confidential values of application like secure DB connection string, configuration values etc??? To secure all these information, we need to encrypt the keys.??
ASP.NET 2.0 has built in functionality to encrypt / decrypt few sections of web.config file those are??
RSAProtectedConfigurationProvider: This is default provider and uses the RSA public key encryption algorithm to encrypt and decrypt data.
DataProtectionConfgurationProvider: This provider uses windows data protection application programming interface to encrypt and decrypt the data.??
Encrypt or Decryprt connection strings in web.config file can be done by using aspnet_regiis.exe command line or code behind using configuration providers. First will see using command line statements.
Encrypt/Decrypt using aspnet_regiis
First we will do Encrypt/Decrypt in File System Website
First create one sample website in visual studio, then add a sample connection string in web.config file like this

<connectionStrings> <add name=\”Server=;Database=ischool;Uid=root;Pwd=root;\” connectionString=\”SampleConnectionString\” providerName=\”MySql.Data.MySqlClient\” /> </connectionStrings>
Then open visual studio command prompt if you are using windows 7 select Run as Administrator. In command prompt type the following command

C:\\Program Files\\Microsoft Visual Studio 10.0\\VC>aspnet_regiis -pef \”connectionStrings\” \”D:\\Siva\\R&D\\DotNet\\ASPNET\\WebSite2\”

Leave a Reply

Scroll to Top
%d bloggers like this: