How to Encrypt connection string in web.config | How to Decrypt connection string in web.config

Introduction: In previous articles i explained How to encrypt and decrypt username,password and store in Sql Server database using asp.net and  Encrypt and Decrypt connectionString in web.config file using code in asp.net and How to Encrypt Query String in asp.net(C#, VB) | Encrypting and Decrypting Query String in asp.net(C#, VB). and 20 differences between Stored procedures and Functions in Sql Server and Validate and upload image files in asp.net and What is Page.IsValid and Page.Validate in Asp.net.
 Now i will explain How to Encrypt and  Decrypt or we can say encode and decode connection string in web.config.As we know connectionstring in the web.config file contains the most sensitive information. No one wants to disclose the information related to his database to all the users where the application is deployed. So in this case you can encrypt the connection string.

Implementation: Let's create an application to understand
  • Suppose your connection string  in web.config file look like:
<connectionStrings>
  <add name="MyDbCon" connectionString="Data Source=LocalServer;Initial Catalog=MyDataBase;Integrated Security=True" />
 </connectionStrings>

and In order to encrypt the connection string section in the web.config file follow the steps,

1. Go to Start -> All programs -> Microsoft Visual Studio 2010-> Visual studio Tools 
-> Microsoft Visual Studio Command Prompt(2010) 

2. Type following command in the command prompt, 

aspnet_regiis.exe -pef “connectionStrings” D:\Projects\MyProject 

Here “–pef” indicates that the application is built as File System website. The second argument is the name of configuration section that you want to encrypt. Third argument is the physical path where the web.config file is located. E.g. here in our case in D drive and the project name is MyProject. 

In case if you are using IIS base web site then the command will be, 

aspnet_regiis.exe -pe “connectionStrings” -app “/MyProject” 

Here ” –pe” indicates that the application is built as IIS based site. The second argument is the name of configuration section that you want to encrypt. Third argument “-app” indicates virtual directory and last argument is the name of virtual directory where application is deployed. 

If everything goes fine then you will receive a message “Encrypting configuration section…Succeeded!” 

Now to check open your web.config file and you can see that connection string is in encrypted form like:


<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
   xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
     <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <KeyName>Rsa Key</KeyName>
     </KeyInfo>
     <CipherData>
      <CipherValue>BtkULhGibSbuUXf+Sj7Ji4K7KTCvZkCHD4V/2cF1uZBqRxaZJDEfNyZ6VfCyZSzzhALRyAwXe6BSF5If4X755sZzwPeIB5/T0Xbf4A3k/U5zVh8GEeEej3Su6N+qY4RBJWg6YxXRTY40fsBqb8jgwBEC3QpoR1T4OZBvhJtqZaI=</CipherValue>
     </CipherData>
    </EncryptedKey>
   </KeyInfo>
   <CipherData>
    <CipherValue>UUwuB9KVFnFwFHH85nBDe5hWoF0d1cDjA6ObR8U62zXh7NiRPLKNzCJe6LZN5+dhN986Vw9YPKldEJJK4MaNXkvI9pavHb/nY9Oeuhr/GjFAaThx9SEzgIO53TdYMqH0Fpg4ESfK0gCMvniX5cdvukCMETRnQxqXP3IoHaonADnsbzS9nE0drVHfF1E+v4LXtfiYjMLFH5XR88Vki+6R8gY8m3pks/RN</CipherValue>
   </CipherData>
  </EncryptedData>
 </connectionStrings>


Note: You do not have to write any code to decrypt this connection string in your application, because dotnet automatically decrypts it. You can still use the connection string where you want like. 
ConfigurationManager.ConnectionStrings["MyDbCon"].ConnectionString; 

In the same way if you want to decrypt the configuration section in web.config file use following command, 

For File System Application the command will be 

aspnet_regiis.exe -pdf “connectionStrings” D:\Projects\ MyProject 

For IIS based Application the command will be: 

aspnet_regiis.exe -pd “connectionStrings” -app “/MyProject”

Now over to you:
"If you like my work; you can appreciate by leaving your comments, hitting Facebook like button, following on Google+, Twitter, Linked in and Pinterest, stumbling my posts on stumble upon and subscribing for receiving free updates directly to your inbox . Stay tuned for more technical updates."
Previous
Next Post »

If you have any question about any post, Feel free to ask.You can simply drop a comment below post or contact via Contact Us form. Your feedback and suggestions will be highly appreciated. Also try to leave comments from your account not from the anonymous account so that i can respond to you easily..