ASP.Net MVC5:How to encrypt decrypt connection string in web.config

1
votes

Just read this article http://tutorialslink.com/Articles/Encrypt-and-Decrypt-Connection-Strings-in-Webconfig/52

they said if we use this command then connection string will be encrypted aspnet_regiis.exe -pef "connectionStrings" "<Path of the Folder containing the Web.Config file>" and say this command will decrypt the connection string aspnet_regiis.exe -pdf "connectionStrings" "<Path of the Folder containing the Web.Config file>"

but the problem is if we follow this approach it may not work when we host our web site in different pc.

so please tell me what approach we should follow to encrypt / decrypt connection string or any section in web.config which will work in any pc.

thanks in advance.

1
asp.netencryptionweb-config
Why would you want to do that in the first place? The connection string is supposed to be hidden from the outside anyway. - Baksteen
i want to do it even if anyone can hack web.config they will not be able to read db connection details easily. - Mist

1 Answers

1
votes

I don't know how sensitive your data is, but I suppose you could try the following:

  1. Encrypt the connectionString manually first (for instance, with AES(Rijndael)).
  2. Paste the encrypted string in your web.config.

  3. Decrypt the string in your code, using something like this

    private string getConnectionString()
{
    string encrypted = System.Configuration.
          ConfigurationManager.AppSettings["connectionString"];

    //Rijndael or any other form of decryption here...
    //.....
    //.....

    return decryptedString;
}

  4. Use the decrypted connectionString to connect to your database! :)