0

I am using below configuration setting for session management on Redis. Now due to some security reasons I need to encrypt the connection string.
What is the way to doing this.
Below is the configuration which I am using in my web config file.

<sessionState mode="Custom" customProvider="MySessionStateStore">
  <providers>      
     <add applicationName="testapp" loggingClassName="Logger" 
          loggingMethodName="Log"   
          connectionString="x.x.x.x:6381,x.x.x.x:6381,x.x.x.x:6381,
          ssl=false,password=xxx" name="MySessionStateStore" 
          type="Microsoft.Web.Redis.RedisSessionStateProvider" 
          host="" accessKey="" ssl="true" />
  </providers>
</sessionState>

Edit 1

The is no other code in my project where I can decrypt the connection string. I wanted to know that only.
Do I require to overwrite any class or is there any way?

शेखर
  • 17,412
  • 13
  • 61
  • 117
  • kindly leave the comment if you down vote. – शेखर Feb 05 '19 at 08:25
  • Possible duplicate of [Encrypting Connection String in web.config](https://stackoverflow.com/questions/1706613/encrypting-connection-string-in-web-config) – 4b0 Feb 05 '19 at 08:31
  • Note: SE.Redis itself doesn't have anything to do with config files - it literally doesn't have code to even look; anything related to config files is some higher level provider, presumably some kind of "asp.net redis session-state provider", *not* SE.Redis; what you're probably looking for here is "encrypting arbitrary web.config sections", but I don't know anything about that – Marc Gravell Feb 05 '19 at 08:49
  • @MarcGravell thanks for clarifying. – शेखर Feb 05 '19 at 11:45
  • Sounds like you need to extend Microsoft.Web.Redis.RedisSessionStateProvider so you can read in the config and init your custom provider. – Edd Feb 09 '21 at 14:13

0 Answers0