encrypted connection string in web.config

2
votes

How can an encrypted connection string be read in the C# code when the encrypted connection string is kept in an external configuration file and specified by configSource attribute in the connectionStrings section of web.config of an asp.net application?

The external config file should only have connectionStrings node, but when it is encrypted, the configDataProvider node should also be present in the same file. And so it cannot be used in the configSource attribute.

I have encrypted connection strings and want to have it in external config file. How can this be handled?

Thanks for any pointers.

1
asp.netencryptionweb-configconnection-string
Did you try putting the connection string section in the external file and then encrypting it? - Oded
A little dated, but you can try this solution: Encrypting string in an external config for ASP.NET - Jeremy
If it is put in the external file and then encrypted it the configProtectedData node will be inserted after which it won't be readable using the configSource attribute. - Sam

1 Answers

4
votes

In your app.config:

<configuration>
    <connectionStrings configSource="foo.config" />
    ...
</configuration>

and in your foo.config:

<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
        <CipherData>
            <CipherValue>
                AQAAANCMnd8BFdE....
            </CipherValue>
        </CipherData>
    </EncryptedData>
</connectionStrings>

and in your code:

ConfigurationManager.ConnectionStrings["someKey"]