0
votes

The architecture of my software is:

WPF (Windows desktop application on users' computers) - WCF web role (Windows Communication Foundation) on Azure Cloud Service (here, the connectionstring to Azure SQL database exists) - Azure SQL Server (Azure SQL database).

According to my knowledge, a new feature like 'database.secure.windows.net' can recently be included in the connectionstring to Azure SQL database.

So, I've changed the connectionstring of my application to include 'secure' as above, and with this I can access the Azure SQL database successfully without any problem, as before.

If we configure our connectionstring with 'secure.windows.net', is there no need to worry about the connectionstring being exposed?

If I still need to encrypt my connectionstring to Azure SQL database, then how can I implement this?

How can I encrypt it (maybe RSA)?

While trying to encrypt, I've learned a little bit about RSA encryption, but not quite enough.

And the most important thing I want to know is: if I've encrypted with an RSA container or makecert.exe (certificate), how can I export the RSA container or the certificate to Azure SQL database (Azure SQL server) so that Azure SQL database (Azure SQL server) can decrypt the encrypted connectionstring to allow access from client applications?

P.S. According to Microsoft Azure's official documentation, DPAPI and RSA are not supported with Azure and we have to use another protected configuration provider like PKCS12 ProtectedConfigurationProvider.

Because my major is not related to software but bio-chemistry, an explanation in detail will be greatly appreciated!

Thank you so much!


2 Answers

0
votes

You can use protected sections:

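using System.Configuration;

// Open the application's own configuration file (app.exe.config).
Configuration config =
  ConfigurationManager.OpenExeConfiguration(
  ConfigurationUserLevel.None);
ConfigurationSection section =
  config.GetSection("connectionStrings");

// Encrypt the section only if it is not already protected.
if (!section.SectionInformation.IsProtected)
{
    // ProtectSection requires a provider name; this is the built-in DPAPI
    // provider used in the MSDN sample linked below.
    section.SectionInformation.ProtectSection(
        "DataProtectionConfigurationProvider");
}
// Write the section back even though its logical content is unchanged.
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Modified);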

I do this either in the installer, the build or on app start, depending on ease.

See here https://msdn.microsoft.com/en-us/library/ms254494(v=vs.110).aspx for more detail.

The secure. URL just means that the connection is within an SSL tunnel, so the data is transmitted encrypted.

0
votes

I've finally succeeded in encrypting the connectionstring and connecting to Azure SQL database after almost 1 month of struggling. Rather than the DPAPI or RSA ProtectedConfigurationProvider, we can encrypt through PKCS12ProtectedConfigurationProvider and connect to Azure. There's also an older Microsoft blog that has expired, but this TechNet (Microsoft) link is still available: http://social.technet.microsoft.com/wiki/contents/articles/2951.windows-azure-sql-database-connection-security.aspx#_Download_and_Compile

We need to install the PKCS12 provider correctly through NuGet, and we need to install the certificate on the new Azure Portal in the course of making the new cloud service.

I hope my difficult experience helps someone who has to solve some problem like mine.

Thank you !
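
The principle behind certificate-based protection of a connection string, as an added example that is not from either answer and is not the PKCS12 provider's own code: encryption needs only the certificate's public key, and decryption happens in the application that holds the private key (the web role), never in Azure SQL Database. The class name, certificate subject and connection string are constructed for the demo, and it assumes .NET Framework 4.7.2 or later (or .NET Core) with C# 7.

```csharp
// Added illustration; the certificate and connection string are constructed.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ConnStringEnvelope
{
    // Needs only the PUBLIC key, so it can run on a build or deploy machine.
    public static (byte[] key, byte[] iv, byte[] data) Protect(X509Certificate2 cert, string plain)
    {
        using (var aes = Aes.Create())              // random 256-bit key and IV
        using (var rsa = cert.GetRSAPublicKey())
        using (var enc = aes.CreateEncryptor())     // AES-CBC: confidentiality only
        {
            byte[] bytes = Encoding.UTF8.GetBytes(plain);
            byte[] data = enc.TransformFinalBlock(bytes, 0, bytes.Length);
            // RSA wraps just the short AES key, not the whole string.
            return (rsa.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256), aes.IV, data);
        }
    }

    // Needs the PRIVATE key, so it works only where the .pfx is installed.
    public static string Unprotect(X509Certificate2 cert, byte[] key, byte[] iv, byte[] data)
    {
        using (var rsa = cert.GetRSAPrivateKey())
        using (var aes = Aes.Create())
        {
            aes.Key = rsa.Decrypt(key, RSAEncryptionPadding.OaepSHA256);
            aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(data, 0, data.Length));
        }
    }

    static void Main()
    {
        using (var rsaKey = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-demo", rsaKey,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                string conn = "Server=tcp:example.invalid,1433;Database=demo;Password=constructed;";
                var blob = Protect(cert, conn);
                Console.WriteLine(Unprotect(cert, blob.key, blob.iv, blob.data) == conn);
            }
        }
    }
}
```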