Encrypting Connection String in web.config

Solution 1

Rahul, converting a string from ASCII to a base64 string isn't encryption, which is what your first link suggests. We can easily convert base64 to ASCII.

Using configsection.protectSection() with an RSA key is a proper encryption that is available for sections of the Web.config file.

Check this link: http://www.beansoftware.com/ASP.NET-Tutorials/Encrypting-Connection-String.aspx

Please note that we cannot encrypt the Web.config file in a shared hosting environment where the trust level is set to medium trust.
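
An added example, not part of the original answer: the programmatic form of the section encryption described above, calling SectionInformation.ProtectSection with the built-in RsaProtectedConfigurationProvider. The class and method names and the "/YourWebSiteName" virtual path are illustrative assumptions.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;

// Hypothetical helper class; not from the original answer.
public static class ConnectionStringProtector
{
    // Built-in RSA provider registered by the .NET Framework.
    private const string RsaProvider = "RsaProtectedConfigurationProvider";

    // virtualPath is the application's virtual path, e.g. "/YourWebSiteName" (placeholder).
    // Returns true if the section was encrypted, false if it already was.
    public static bool Protect(string virtualPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(virtualPath);
        SectionInformation info = GetInfo(config);
        if (info.IsProtected)
            return false;                       // nothing to do
        if (info.IsLocked)
            throw new InvalidOperationException("connectionStrings is locked by a parent config.");

        info.ProtectSection(RsaProvider);       // encrypts the section in memory
        info.ForceSave = true;                  // write it even if no values changed
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reverses Protect; returns true if the section was decrypted.
    public static bool Unprotect(string virtualPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(virtualPath);
        SectionInformation info = GetInfo(config);
        if (!info.IsProtected)
            return false;

        info.UnprotectSection();
        info.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    private static SectionInformation GetInfo(Configuration config)
    {
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("connectionStrings section not found.");
        return section.SectionInformation;
    }
}
```

The application keeps reading ConfigurationManager.ConnectionStrings as before; ASP.NET decrypts the section transparently, provided the application's identity can read the RSA key container.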

Solution 2

To save having to visit external links, in C:\Windows\Microsoft.NET\Framework\v4.0.30319 (for .NET 4 / 4.5)

aspnet_regiis.exe -pe "connectionStrings" -app "/YourWebSiteName" -prov "DataProtectionConfigurationProvider"

To decrypt the connectionStrings section using this tool, you can specify the following command in the aspnet_regiis.exe tool.

aspnet_regiis.exe -pd "connectionStrings" -app "/YourWebSiteName"

Solution 3

Use aspnet_regiis.exe: http://msdn.microsoft.com/en-us/library/zhhddkxy.aspx

http://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.protectsection.aspx

Solution 4

Run this in Command: aspnet_regiis.exe -pef "connectionStrings" "pathToWebConfig"

Or, if you want this to run programmatically, you can create a Process:

            // Requires: using System; using System.Diagnostics;
            // application.Path, processOutput and timeoutMilliseconds come from the surrounding code.
            string fileName = @"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe";

            // Use the 64-bit framework tool when running on a 64-bit OS.
            if (8 == IntPtr.Size
                || (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432"))))
            {
                fileName = @"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe";
            }

            // -pef encrypts the named section of the Web.config in the given physical directory.
            string arguments = $"-pef \"connectionStrings\" \"{application.Path}\"";

            using (Process process = new Process())
            {
                process.EnableRaisingEvents = true;
                process.StartInfo = new ProcessStartInfo
                {
                    FileName = fileName,
                    Arguments = arguments,
                    UseShellExecute = false,
                    RedirectStandardOutput = true,
                    RedirectStandardError = true,
                    CreateNoWindow = true
                };

                process.Start();
                // Only standard output is captured; standard error is redirected but not read here.
                processOutput.Output = process.StandardOutput.ReadToEnd();
                bool exited = process.WaitForExit(timeoutMilliseconds);
                if (exited)
                {
                    processOutput.ExitCode = process.ExitCode;
                }
            }

Solution 5

Encryption is useful to give security to the application. Please find the following steps to encrypt web.config.

  1. Open Command Prompt with Administrator privileges
  2. At the Command Prompt, enter
  3. cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
  4. In case your web Config is located in "D:\Articles\EncryptWebConfig" directory path, then enter the following to encrypt the ConnectionString:
  5. ASPNET_REGIIS -pef "connectionStrings" "D:\Articles\EncryptWebConfig"

I have used some other things for more security. In my Web.config I have added the following code.

  <httpProtocol>
        <customHeaders>
            <!-- X-Frame-Options takes DENY or SAMEORIGIN -->
            <add name="X-Frame-Options" value="DENY" />
            <remove name="Server" />
            <remove name="X-AspNet-Version" />
            <remove name="X-AspNetMvc-Version" />
            <remove name="X-Powered-By" />
        </customHeaders>
  </httpProtocol>
Author by

masoud ramezani

Updated on April 13, 2020

Comments

  • masoud ramezani about 4 years

    How can we encrypt the connection string section in web.config file?