1

I have created a application with c#. I define a connection string in app config file. Here is my app config file code:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup useLegacyV2RuntimeActivationPolicy="True">
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
  </startup>
  <appSettings>
    <add key="con" value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\myFolder\Mydb.mdb;Persist Security Info=True;Jet OLEDB:Database Password=bd1234" />
  </appSettings>
</configuration>

I want to create that code to this following format and encrypted password value.

<?xml version="1.0"?>
<configuration>
  <configSections>
  </configSections>
  <appSettings>
    <add key="ServerName" value="user"/>
    <add key="Provider" value="Microsoft.Jet.OLEDB.4.0"/>
    <add key="Data Source" value="C:\myFolder\Mydb.mdb"/>
    <add key="Persist Security Info" value="True"/>
    <add key="Jet OLEDB:Database Password" value="*******"/>
  </appSettings>
  <startup useLegacyV2RuntimeActivationPolicy="true">
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
  </startup>    
</configuration>

How can i do that?

cl0ud
  • 1,524
  • 11
  • 27
Deb Kumer
  • 33
  • 1
  • 5
  • use this. https://www.c-sharpcorner.com/article/encrypt-and-decrypt-connectionstring-in-web-config-file/ – Deepak Kumar Oct 03 '18 at 07:09
  • https://stackoverflow.com/questions/1706613/encrypting-connection-string-in-web-config – Deepak Kumar Oct 03 '18 at 07:09
  • couple of ways you can do this. you can use connectionStrings configuration section and encrypt the whole section , or you can use any of the encrypt decrypt algorithm to do this task , or even you can create your own algorithm to go the encryption – Arunprasanth K V Oct 03 '18 at 07:09
  • 3
    Possible duplicate of [Encrypting Connection String in web.config](https://stackoverflow.com/questions/1706613/encrypting-connection-string-in-web-config) – Arunprasanth K V Oct 03 '18 at 07:10
  • To perform it. This [link](https://stackoverflow.com/questions/5522879/encrypt-password-in-app-config) may be help you. – ksdev Oct 03 '18 at 07:22
  • Below link may be lep you. https://stackoverflow.com/questions/5522879/encrypt-password-in-app-config – ksdev Oct 03 '18 at 07:24
  • If you want to hide the connection string from the app.config you also have the option of storing the connection string in an environment variable on the machine and reading that out in the code when you need it – cl0ud Oct 03 '18 at 07:24

2 Answers2

0

Good question.

Ideally, if you can use windows authentication, this will solve your issue without having to protect your config file.

Try adding the following:

 <add key="con" value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\myFolder\Mydb.mdb;Persist Security Info=False;Integrated Security=SSPI;Jet OLEDB:Database" />

Here is an MSDN doc with more details: https://learn.microsoft.com/en-us/visualstudio/ide/managing-application-settings-dotnet?view=vs-2017

If you do need to protect your app config, you can use the .NET famework "ProtectSection" function which will encrypt your config file (using machine.config key), and your application will be able to access the config details, but it is not easily visible.

Given the security implications it is worth having a detailed look of how it works: https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings-and-configuration-files

Russell
  • 17,481
  • 23
  • 81
  • 125
-1

Have you tried below?

 string value = System.Configuration.ConfigurationManager.AppSettings[key];

Requires add reference System.Configuration

enter image description here

if you know that how you will do the encryption then you can save the encrypted password following this way

How to update app settings key value pair dynamically on app.config file in c# winforms

To do the encryption and save the app settings follow the link of @ksdev

Encrypt password in App.config

Tajuddin Khandaker
  • 660
  • 6
  • 20
  • The OP is asking about protecting their password from the config file. – Russell Oct 03 '18 at 07:18
  • I understood it's not specific answer but the contributor asked what code should be written to generate app settings to expected format. I think encryption is not a problem here he asked. @ksdev has the more specific link to guide in this case. What do you think? – Tajuddin Khandaker Oct 03 '18 at 07:37