Jump to content


How To Handle Encryption Decription Of Connection String ?

  • Please log in to reply
1 reply to this topic

#1 markpeterson59


    New Member

  • Members
  • Pip
  • 1 posts
  • Gender:Male

Posted 14 October 2008 - 09:31 PM

Hi Friends,

I have created two functions that encrypt and decrypt the connection string in web.config. But whenever I want to use connection string. I have to always decrypt web.config and then again encrypt it back. Does there any other way which i can use.

I'm using section.SectionInformation.ProtectSection(" <encryption configuration provider> ") and section.SectionInformation.UnprotectSection()

#2 Dan_Maharry


    Active Member

  • O'Reilly Author
  • PipPip
  • 23 posts
  • Gender:Male
  • Location:UK

Posted 15 October 2008 - 01:16 PM

Hi Mark,

There are a couple of alternate ways to store a connection string securely. If you have access to the registry on the web server, you could actually store the encrypted connection string in the registry using the aspnet_setreg utility and reference it there. More details on that at http://support.microsoft.com/kb/821616.

You could also save the connection string in its own config file and then replace the connectionStrings element in web.config with

<connectionStrings configSource="~/connectionstrings.config" />

Remember if you save the new config file in App_Data or App_Code the server will not pass the file over on direct request.

Hope that helps, Dan.
Dan Maharry
Author, Programming ASP.NET 3.5
(home : blog : tumblr)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users