A connection string contains highly confidential information that must be secured carefully to prevent any kind of misuse. Securing it requires no additional code, because .NET can do it for us with ease. Below are the steps to encrypt and decrypt a connection string.
Let's assume you have a connection string as follows in either web.config or app.config.
Now go to the path below to access aspnet_regiis.exe:
"%WinDir%\Microsoft.NET\Framework\<versionNumber>"
Then run the command below:
aspnet_regiis -pe "connectionStrings" -app "/MyApplication"
The above command with the -app switch assumes that there is an IIS virtual directory called MyApplication. If you are using the Visual Studio .NET 2005 Web server instead of IIS, use the -pef switch, which allows you to specify the physical directory location of your configuration file:
aspnet_regiis.exe -pef "connectionStrings" C:\Projects\MyApplication
Note: Because the above command only looks for web.config, rename your app.config to web.config if you are using a Windows or console application. You will rename the file back to app.config once this process is done.
If everything is fine, you will see the message below in the command prompt.
Your app.config or web.config will then look like the one below.
You can use the code below to retrieve the connection string, as ConfigurationManager will take care of the decryption.
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["testConn"].ConnectionString;
That's all it takes to maintain a secure connection string in web.config or app.config.
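
To confirm which state a config file is in after the aspnet_regiis commands on this page, the following PowerShell check is an added example, not code from the original article. The function name, the state labels and both sample configs are constructed for illustration; the cipher text is a placeholder.

```powershell
# Added example (not from the original article). Sample configs are constructed.
function Get-ConnectionStringsState {
    param([Parameter(Mandatory = $true)][xml]$Config)

    # local-name() keeps the lookup working if the root declares a default xmlns.
    $xpath = "/*[local-name()='configuration']/*[local-name()='connectionStrings']"
    $section = $Config.SelectSingleNode($xpath)
    if ($null -eq $section) { return 'Missing' }

    # Entries kept in another file cannot be judged from this document.
    if ($section.GetAttribute('configSource')) { return 'External' }

    # Clear-text entries are <add> elements with a connectionString attribute.
    $clear = $section.SelectNodes("*[local-name()='add'][@connectionString]")
    if ($clear.Count -gt 0) { return 'Plaintext' }

    # A protected section names its provider and holds an xmlenc EncryptedData node.
    $provider  = $section.GetAttribute('configProtectionProvider')
    $encrypted = $section.SelectSingleNode("*[local-name()='EncryptedData']")
    if ($provider -and $null -ne $encrypted) { return "Protected:$provider" }

    return 'Unknown'
}

# Constructed sample: the section before aspnet_regiis -pe / -pef is run.
$before = @'
<configuration>
  <connectionStrings>
    <add name="testConn" connectionString="Server=db.example.test;Database=Sample;Integrated Security=SSPI" />
  </connectionStrings>
</configuration>
'@

# Constructed sample: the section after encryption (cipher text is a placeholder).
$after = @'
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
'@

Get-ConnectionStringsState -Config $before
Get-ConnectionStringsState -Config $after
```

For a file on disk, load it first with [xml](Get-Content -Raw <path to config>), which needs PowerShell 3.0 or later.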
Note: If your ASP.NET application identity does not have access to the .NET Framework configuration key store, the following message is returned:
Parser Error Message: Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: The handle is invalid.
To grant access to the ASP.NET application identity
- If you are not sure which identity to use, check the identity from a Web page by using the following code:
using System.Security.Principal;
...
protected void Page_Load(object sender, EventArgs e)
{
    // Writes the account name the page is running as
    Response.Write(WindowsIdentity.GetCurrent().Name);
}
- By default, ASP.NET applications on Windows Server 2003 run using the NT Authority\Network Service account. Open a .NET command prompt, and use the following command to give this account access to the NetFrameworkConfigurationKey store:
aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"
If the command runs successfully you will see the following output:
Adding ACL for access to the RSA Key container...
Succeeded!
You can check the ACL of the file in the following folder:
\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Your RSA key container file is the file in this folder with the most recent timestamp.
To change the connectionStrings section back to clear text, run the following command from the command prompt:
aspnet_regiis -pd "connectionStrings" -app "/MyApplication"
If the command is successful, you will see the following output:
To decrypt the connectionStrings section by specifying the physical path to your application's configuration file, use the -pdf switch as shown here:
aspnet_regiis -pdf "connectionStrings" C:\Projects\MyApplication