Encryption of your web.config file

Posted By: Mihir Soni    Posted Date: February 15, 2011    Points: 75    Category: Security    URL: http://www.dotnetspark.com

This article shows how you can encrypt your web.config file so that data such as connection strings and SMTP settings are secured.
 

Hello,

I am going to explain how to encrypt your web.config file.

We all want to secure our web and desktop applications to satisfy our clients, but what happens if we don't encrypt confidential data such as connection strings, mail server settings, etc.?

Some developers might think of MD5, but that is not possible here: MD5 is a one-way hash, so it is irreversible and we can't use it.

Here I am going to explain a simple way of doing the encryption.

First, we have to load our configuration file into a Configuration object, which we can do with the following code.

// Requires: using System.Configuration;
System.Configuration.Configuration configFile = default(System.Configuration.Configuration);
ConfigurationSection configSection = default(ConfigurationSection);

// Open the web.config of the current application.
configFile = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
// C# uses square brackets for indexers.
configSection = configFile.Sections["connectionStrings"];

The second part of the code, the configSection object, is used to get a particular section from the whole configuration file.

Here we are going to encrypt the connectionStrings section of the configuration file.

Now it's time to encrypt that section, which you can do with the following code.

// Encrypt the section with the built-in RSA provider and write it back to web.config.
configSection.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
configFile.Save();

Now when you open your configuration file, that section will be in an encrypted format. You won't be able to see the plain text of the connection string section.

You might be wondering whether you have to decrypt the connection string yourself before you can use it. Of course not: you don't need to decrypt it, because it is decrypted automatically when you read the connection string in the usual way, as follows.

string cnStr = null;
// The section is decrypted transparently when it is read.
cnStr = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["ConString1"].ConnectionString;

What if you need to change the actual connection string? You can, but first you have to decrypt the section, and then you'll be able to edit the connection string.

// Requires: using System.Configuration;
System.Configuration.Configuration configFile = default(System.Configuration.Configuration);
ConfigurationSection configSection = default(ConfigurationSection);

configFile = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
configSection = configFile.Sections["connectionStrings"];
// The method name is UnprotectSection (lowercase "p"); C# is case-sensitive.
configSection.SectionInformation.UnprotectSection();
configFile.Save();

That's it. You can now edit or update your connection strings and then encrypt the section again.
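
A fuller version of the procedure above, as an added example that is not the author's code: it protects both kinds of data the article calls confidential (connection strings and SMTP settings), skips sections that are absent, already encrypted or locked, and saves only when something changed. The class name ConfigProtector, the method name ProtectAll and the choice of the system.net/mailSettings/smtp section are assumptions made for this illustration.

```csharp
using System.Collections.Generic;
using System.Configuration;
using System.Web.Configuration;

// Added example: class and method names are hypothetical.
public static class ConfigProtector
{
    // Sections holding the data the article names: connection strings and SMTP settings.
    private static readonly string[] SensitiveSections =
    {
        "connectionStrings",
        "system.net/mailSettings/smtp"
    };

    // Encrypts every sensitive section that is still plain text.
    // Returns the names of the sections that were changed.
    public static List<string> ProtectAll(string appVirtualPath)
    {
        System.Configuration.Configuration config =
            WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        var changed = new List<string>();

        foreach (string name in SensitiveSections)
        {
            ConfigurationSection section = config.GetSection(name);
            // Skip sections that do not exist in this web.config.
            if (section == null || !section.ElementInformation.IsPresent) continue;

            SectionInformation info = section.SectionInformation;
            if (info.IsProtected) continue;   // already encrypted, nothing to do
            if (info.IsLocked) continue;      // locked by a parent config, cannot be modified here

            info.ProtectSection("RsaProtectedConfigurationProvider");
            info.ForceSave = true;            // write the section even though its values are unchanged
            changed.Add(name);
        }

        // Touch the file only when needed: saving web.config restarts the application.
        if (changed.Count > 0)
            config.Save(ConfigurationSaveMode.Modified);

        return changed;
    }
}
```

The default key container used by RsaProtectedConfigurationProvider is machine-level, so a section encrypted on one server cannot be decrypted on another unless the key container is exported and imported there, and the account the application runs under needs read access to that container.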

Thank you.

I hope this helps you a lot.