5

I have below connection strings in web config file:

 <connectionStrings>
    <add name="ConString2" connectionString="Data Source=testdb;Persist Security Info=True;User ID=test;Password=test;Unicode=True;" providerName="System.Data.OracleClient"/>
    <add name="ConString3" connectionString="Data Source=testdb;Persist Security Info=True;User ID=test;Password=test;Unicode=True;" providerName="Oracle.DataAccess.Client"/>
  </connectionStrings>

I want to keep connection string in encrypted format and when I use to fetch the data from database I want to decrypt connection and connects to DB.

vhu
  • 12,244
  • 11
  • 38
  • 48
user1463065
  • 563
  • 2
  • 11
  • 30
  • Have a Look : http://www.codeproject.com/Tips/795135/Encrypt-ConnectionString-in-Web-Config – Tushar Gupta Jul 27 '15 at 07:07
  • One way to do is [Encrypt web.config file using DataSource Controls](https://msdn.microsoft.com/en-us/library/ms178372.aspx) – Nad Jul 27 '15 at 09:01

2 Answers2

2

Please check this link https://msdn.microsoft.com/en-us/library/dx0f3cf2(v=vs.85).aspx

This is the default handling of connection using IIS. You can do custom encryption. e.g. take any encrpytion tool and encrypt the connection. Just before passing the connection string. Decrypt it.

Password encryption/ decryption code in .NET

Community
  • 1
  • 1
Mahesh Malpani
  • 1,782
  • 16
  • 27
  • 1
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – hlt Jul 27 '15 at 08:16
  • thanks for your suggestion. Will make a note of it. Above command are given, so will take your point for future reference. – Mahesh Malpani Jul 27 '15 at 09:02
2

you can encrypt web config file by the help of "aspnet_regiis.exe".this file is locate under following location: %WinDir%\Microsoft.NET\Framework\

so change your command prompt directory to above location then type :

 aspnet_regiis.exe -pef section physical_directory
  -- or --
aspnet_regiis.exe -pe section -app virtual_directory

example: 

aspnet_regiis.exe -pef "connectionStrings" "C:\folder_where_webconfig_file_exit"

and ASP.Net will handle the decryption of the connection string.

for more information follow these links:

http://www.asp.net/web-forms/overview/data-access/advanced-data-access-scenarios/protecting-connection-strings-and-other-configuration-information-cs

http://weblogs.asp.net/sreejukg/securing-sections-in-web-config

Rojalin Sahoo
  • 1,025
  • 1
  • 7
  • 18