2

I know how to use System.Configuration.SectionInformation.ProtectSection to encrypt and decrypt connection string in app.config (VS 2010, C#, .Net 3.5), however I suppose that any one who know this method can take the encrypted string and decrypt it, right?

If not, please tell me why. If yes, is there any work around? I searched but could not find any help.

pquest
  • 3,151
  • 3
  • 27
  • 40
  • Possible duplicate of http://stackoverflow.com/questions/7324258/is-configurationmanage-section-sectioninformation-protectsection-machine-de which has a really good answer. Does that answer your question? – Dr Rob Lang Sep 27 '16 at 12:45
  • no, not what I need. –  Sep 27 '16 at 12:46
  • Why the sql tag? (I see no SQL connection at all.) – jarlh Sep 27 '16 at 12:47
  • Have you looked into RSA? `new System.Security.Cryptography.RSACryptoServiceProvider()` – Matthew Sep 27 '16 at 12:49
  • No, because the encryption key is stored on your PC. So 'any one' would need to have access to your computer to decrypt the section. As explained in the link provided by @RobLang – stuartd Sep 27 '16 at 12:49
  • I've popped an answer in for clarity, in case anyone else asks the question in the same way. – Dr Rob Lang Sep 27 '16 at 12:51

2 Answers2

1

When a string is encrypted it uses a certificate installed on the machine to perform the encryption so you would need the string and the machine key to decrypt it.

The full instructions on encrypting sections of the configuration are on MSDN.

Dr Rob Lang
  • 6,659
  • 5
  • 40
  • 60
0

To decrypt connection string info you can use below method:

Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section.SectionInformation.IsProtected)
{
   section.SectionInformation.UnprotectSection();
   config.Save();
}

Read the full information from this article.

Navoneel Talukdar
  • 4,393
  • 5
  • 21
  • 42