Encrypting Connection String in web.config
Solution 1
Rahul, converting a string from ASCII to base64 string isn't an encryption, which is what your first link suggests. We can easily convert base64 to ASCII.
Using configsection.protectSection() with an RSA key is a proper encryption that is available for sections of the Web.config file.
Check this link: http://www.beansoftware.com/ASP.NET-Tutorials/Encrypting-Connection-String.aspx
Please note, that we can not encrypt Web.config file in a shared hosting environment where Trust level is set to medium trust.
Solution 2
To save having to visit external links, in C:\Windows\Microsoft.NET\Framework\v4.0.30319 (for .NET 4 / 4.5)
aspnet_regiis.exe -pe "connectionStrings" -app "/YourWebSiteName" -prov "DataProtectionConfigurationProvider"
To decrypt connectionStrings section using this tool, you can specify following command in aspnet_iisreg.exe tool.
aspnet_regiis.exe -pd "connectionStrings" -app "/YouWebSiteName"
Solution 3
use aspnet_regiis.exe http://msdn.microsoft.com/en-us/library/zhhddkxy.aspx
http://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.protectsection.aspx
Solution 4
Run this in Command : aspnet_regiis.exe -pef "connectionStrings" "pathToWebConfig"
or , if you want this to run programatically you can create a Process :
string fileName = @"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe";
if (8 == IntPtr.Size
|| (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432"))))
fileName = @"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe";
string arguments = $"-pef \"connectionStrings\" \"{application.Path}\"";
using (Process process = new Process())
{
process.EnableRaisingEvents = true;
process.StartInfo = new ProcessStartInfo
{
FileName = exeName,
Arguments = arguments,
UseShellExecute = false,
RedirectStandardOutput = true,
RedirectStandardError = true,
CreateNoWindow = true
};
process.Start();
processOutput.Output = process.StandardOutput.ReadToEnd();
bool exited = process.WaitForExit(timeoutMilliseconds);
if (exited)
{
processOutput.ExitCode = process.ExitCode;
}
}
Solution 5
Encryption is useful to give security to the application. Please find the following steps to encrypt web.config.
- Open Command Prompt with Administrator privileges
- At the Command Prompt, enter
- cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
- In case your web Config is located in "D:\Articles\EncryptWebConfig" directory path, then enter the following to encrypt the ConnectionString:
- ASPNET_REGIIS -pef "connectionStrings" "D:\Articles\EncryptWebConfig
I have use some other thing for more security. In my Web.config i have added following code.
<httpProtocol>
<customHeaders>
<add name="x-Frame-Option" value="Deny or SEMEORGIN" />
<remove name="Server" />
<remove name="X-AspNet-Version" />
<remove name="X-AspNetMvc-Version" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
Comments
-
masoud ramezani about 4 years
How can we encrypt the connection string section in web.config file?