3

I am working with C# & WPF and, of course, an app.config file. I have not been able to find an example of encrypted connection strings, stored in the app.config. There's plenty of examples for ASP.NET and web.config but nothing solid for app.config. The only examples I have come across clearly state that the string is only "decode-able" (is that even a word?) on the same machine that it was first encrypted on. Are there any viable options for working with encrypted connection strings (or other data) in an app.config?

Unknown Coder
  • 6,625
  • 20
  • 79
  • 129

1 Answers1

5

Encrypt ConnectionStrings in App.config

private void ProtectSection(String sSectionName)
{
    // Open the app.config file.
    Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
    // Get the section in the file.
    ConfigurationSection section = config.GetSection(sSectionName);
    // If the section exists and the section is not readonly, then protect the section.
    if (section != null)
    {
    if (!section.IsReadOnly())
        {
        // Protect the section.
            section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
            section.SectionInformation.ForceSave = true;
            // Save the change.
            config.Save(ConfigurationSaveMode.Modified);
         }
     }
}
Mitch Wheat
  • 295,962
  • 43
  • 465
  • 541
  • 1
    I've come across examples like this before. BUT my understanding is that the sections can only be encrypted and then unencrypted on the same machine. So it wouldn't work in a distributed application. – Unknown Coder Feb 12 '11 at 01:27
  • From [this article](http://guy.dotnet-expertise.com/PermaLink,guid,b3850894-3a8e-4b0a-aa52-5fa1d1216377.aspx) it looks like this approach works on distributed apps. – Tom Dudfield Feb 12 '11 at 10:37
  • That's why the code is there. I've removed first link and updated second. – Mitch Wheat Mar 21 '13 at 00:20