Is there any way to secure the connection string in web.config file after deployment.
You could protect sensitive information by encrypting sections of the Web.config file.
To encrypt connection string information stored in the Web.config file
At the Windows command line, run the ASP.NET IIS registration tool (Aspnet_regiis.exe) with the following options:
The -pe option, passing it the string "connectionStrings" to encrypt the
connectionStrings element.
The -app option, passing it the name of your application.
The Aspnet_regiis.exe tool is located in the %systemroot%\Microsoft.NET\Framework\versionNumber folder.
The following code example shows how to encrypt the connectionStrings section of the Web.config file for an application named SampleApplication.
1. Creating connection string method and call in classes
Do you mean that you want to declare the connection string as a string parameter in your application's code and use the method to get it? This way is more secure, but when you want to change the connection string, you need to modify the source code and republish
it.
Rameezwaheed
2. placing connection string in web.config file and encrypt and decrypt it.
I prefer this approach.
Rameezwaheed
secondly if we encrypt the connection string then while calling the connection string we first need to decrypt it ?
If you encrypt the connection string with ASPNET_REGIIS, It’s very good to know that ASP.NET automatically decrypts the contents of the
Web.Config file when it processes the file. Therefore, no additional steps are required to decrypt the encrypted configuration settings. You can run your existing application by encrypting your
Web.Config file and it will run perfectly without any modification to your existing code.
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Contributor
2633 Points
1773 Posts
How to secure the connection string in web.config file after deployment
Jul 02, 2017 05:06 AM|Rameezwaheed|LINK
Hi,
Is there any way to secure the connection string in web.config file after deployment.
Thanks
Mark as an answer if it helps
All-Star
120166 Points
27994 Posts
Moderator
MVP
Re: How to secure the connection string in web.config file after deployment
Jul 02, 2017 05:54 AM|ignatandrei|LINK
You can encrypt it.
Contributor
5092 Points
1666 Posts
Re: How to secure the connection string in web.config file after deployment
Jul 02, 2017 06:01 AM|francissvk|LINK
Normally, you can encrypt the connection string in web.config to fulfill your requirement.
https://msdn.microsoft.com/en-IN/library/dx0f3cf2(v=vs.85).aspx
Participant
990 Points
475 Posts
Re: How to secure the connection string in web.config file after deployment
Jul 03, 2017 05:40 AM|zxj|LINK
Hi Rameezwaheed,
You could protect sensitive information by encrypting sections of the Web.config file.
To encrypt connection string information stored in the Web.config file
At the Windows command line, run the ASP.NET IIS registration tool (Aspnet_regiis.exe) with the following options:
The -pe option, passing it the string "connectionStrings" to encrypt the connectionStrings element.
The -app option, passing it the name of your application.
The Aspnet_regiis.exe tool is located in the %systemroot%\Microsoft.NET\Framework\versionNumber folder.
The following code example shows how to encrypt the connectionStrings section of the Web.config file for an application named SampleApplication.
https://msdn.microsoft.com/en-us/library/ms178372.aspx
https://www.aspsnippets.com/Articles/Encrypt-and-Decrypt-Connection-String-in-AppConfig-file.aspx
Regards,
zxj
Contributor
2633 Points
1773 Posts
Re: How to secure the connection string in web.config file after deployment
Jul 03, 2017 11:55 AM|Rameezwaheed|LINK
Thanks for reply,
May i encrypt the connection string without
aspnet_regiis
command or without command line . ?
Thanks
Mark as an answer if it helps
All-Star
48530 Points
18075 Posts
Re: How to secure the connection string in web.config file after deployment
Jul 03, 2017 12:50 PM|PatriceSc|LINK
Hi,
You mean programmatically from your own app ? Try perhaps https://www.codeproject.com/articles/1057632/programmatically-encrypt-the-connection-string-in.
Contributor
2633 Points
1773 Posts
Re: How to secure the connection string in web.config file after deployment
Jul 06, 2017 04:28 AM|Rameezwaheed|LINK
Thanks PatriceSC for your reply,
I simply need to secure the connection string which one approach will be the best.
1. Creating connection string method and call in classes
2. placing connection string in web.config file and encrypt and decrypt it.
secondly if we encrypt the connection string then while calling the connection string we first need to decrypt it ?
Thanking you,
Mark as an answer if it helps
Contributor
6490 Points
2525 Posts
Re: How to secure the connection string in web.config file after deployment
Jul 06, 2017 07:34 AM|Jean Sun|LINK
HI Rameezwaheed,
Do you mean that you want to declare the connection string as a string parameter in your application's code and use the method to get it? This way is more secure, but when you want to change the connection string, you need to modify the source code and republish it.
I prefer this approach.
If you encrypt the connection string with ASPNET_REGIIS, It’s very good to know that ASP.NET automatically decrypts the contents of the Web.Config file when it processes the file. Therefore, no additional steps are required to decrypt the encrypted configuration settings. You can run your existing application by encrypting your Web.Config file and it will run perfectly without any modification to your existing code.
Best Regards
Jean
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.