views:

474

answers:

1

I want to keep encrypted connection string and stmp information in the web.config.

can I store Connection String and SMTP information in web.config encrypted and where I need just decrypted and use?

OR

What is the point/event where i can encrypt the Connection String and SMTP and save in the web.config? (and if the changes happen in web.config in that, is existing session expired?)

What is the best solution?

Thanks

+1  A: 

It's easy to do with aspnet_regiis.exe- look at the pe/pd/pef and pdf options. You can also do it programmatically. It works by encrypting a specific configuration section. In your case that is the connectionStrings and smtp sections.

You can use either DPAPI or RSA and you can encrypt on either a machine wide basis or on a specific user account.

RichardOD
I am using this code when chaning using programmatically, but getting error, I am on development environment
Muhammad Akhtar
public void ProtectSection() { System.Configuration.Configuration config = ConfigurationManager.OpenExeConfiguration(Server.MapPath("~/Web.config")); ConfigurationSection section = config.GetSection("connectionStrings"); section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider"); section.SectionInformation.ForceSave = true; config.Save(ConfigurationSaveMode.Full); }
Muhammad Akhtar
can you plz check what is the issue, I shall be gratefull to ur effort
Muhammad Akhtar
What is the error you are getting? As a side issue if you are doing this inside your Web app, you should look into WebConfigurationManager.OpenWebConfiguration http://msdn.microsoft.com/en-us/library/ms151456.aspx
RichardOD
I am getting this error. An error occurred executing the configuration section handler for connectionStrings.
Muhammad Akhtar
OK- and what's the InnerException?
RichardOD
Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists.\r\n
Muhammad Akhtar
I am trying to implementing using http://msdn.microsoft.com/en-us/library/ms998283.aspx
Muhammad Akhtar
when I run this command aspnet_regiis -pe "connectionStrings" -app "/WebFarmRSA" -prov "CustomProvider" I am getting this error message "The Configuration for virtual path '/ConStringEncrypt' and site 'Default Web Site' cannot be opened"
Muhammad Akhtar
other than this command i am not getting any error, Plz help...... I am in trouble from last 2 days. Thanks
Muhammad Akhtar