Below is an encryption method contained in a separate class from the application web pages.
Public Class clsEncrypt Public sub Encrypt(ByVal HttpRequest As HttpRequest)
Dim configFile As System.Configuration.Configuration
Dim configSection As ConfigurationSection
configFile = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(HttpRequest.ApplicationPath)
configSection = configFile.Sections("connectionStrings")
configSection.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider")
configFile.Save()
End sub End Class
Will the above method encrypt the application's config file and using the entity frame work queries as below? Each web page has multiple webmethods that interact with the database.
Will the linq queries still work after invoking the configEncrypt.Encrypt method?
Will running the above code change the application config file connections section in the application or will it encrypt contents in memory when the webmethod is called?
If the above code would work, should the method be called each time a page loads that interacts with the database, for each webmethod that interacts with the database, or both?
Are there any things I should be aware of before running the application code on a remote server?
Hello, yes it will since you are referencing that same connection it will always be encrypted since it is in the web.config. However, a caveat you should be aware of is the encryption may need to be applied at the server side since the encryption keys on
the server most often will be different than on your own machine. Learned that one the hard way. So you run the command on the server in the command prompt using your example link:
Member
27 Points
84 Posts
Encrypt web config connections section for Entity Framework
Nov 18, 2016 02:58 PM|cowasaki|LINK
I am looking for a simple solution to encrypt an application's config file, the connections section by using code behind.
I've come across a method shown below. I have a few questions about using it. The source of this method came from https://visualstudiomagazine.com/articles/2009/06/11/encrypting-the-web-config-file.aspx.
Below is an encryption method contained in a separate class from the application web pages.
Will the above method encrypt the application's config file and using the entity frame work queries as below? Each web page has multiple webmethods that interact with the database.
//below code is in a webmethod
Dim configEncrypt as new clsEncrypt
configEncrypt.Encrypt(HttpContext.Current.Request)
Dim dbconnection as New MyEntities
then linq queries query the database tables..
Will the linq queries still work after invoking the configEncrypt.Encrypt method?
Will running the above code change the application config file connections section in the application or will it encrypt contents in memory when the webmethod is called?
If the above code would work, should the method be called each time a page loads that interacts with the database, for each webmethod that interacts with the database, or both?
Are there any things I should be aware of before running the application code on a remote server?
many thanks for any input..
All-Star
35169 Points
9930 Posts
Moderator
Re: Encrypt web config connections section for Entity Framework
Nov 18, 2016 06:26 PM|bbcompent1|LINK
Hello, yes it will since you are referencing that same connection it will always be encrypted since it is in the web.config. However, a caveat you should be aware of is the encryption may need to be applied at the server side since the encryption keys on the server most often will be different than on your own machine. Learned that one the hard way. So you run the command on the server in the command prompt using your example link:
Member
27 Points
84 Posts
Re: Encrypt web config connections section for Entity Framework
Nov 22, 2016 08:12 PM|cowasaki|LINK
one thing to note:
this piece of code did not work-
configSection.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider")
changed it to this and it worked-
configSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")