What is the best practice for encrypting the connectionStrings section in the web.config file when using LINQ TO SQL?
+1
A:
If you feel the need to do so, you can just simply encrypt the <connectionStrings>
section of your web.config
file - it's a standard .NET procedure, all .NET code can deal with it - no problems:
or Google or Bing for it - you'll get thousands of hits.....
marc_s
2010-05-31 04:58:22
+3
A:
First of all, encrypting section in web.config/app.config is not specific to just Linq2Sql. .Net framework comes with special set of classes that lets you independantly encrypt/decrypt parts of web.config/app.config.
You can encrypt sections of your web.config using DPAPI provider. Nothing else need to change in your application. you still keep reading appsettings and conn. strings as usual. Use this code below to encrypt/decrypt parts of your config file.
//call: ProtectSection("connectionStrings","DataProtectionConfigurationProvider");
private void ProtectSection(string sectionName, string provider)
{
Configuration config =
WebConfigurationManager.
OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);
if (section != null && !section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection(provider);
config.Save();
}
}
//call: UnProtectSection("connectionStrings");
private void UnProtectSection(string sectionName)
{
Configuration config =
WebConfigurationManager.
OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);
if (section != null && section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
config.Save();
}
}
this. __curious_geek
2010-05-31 05:02:56
or use the built-in aspnet_regiis utility to encrypt/decrypt .NET config file sections....
marc_s
2010-05-31 05:57:38
encryption using DPAPI uses local machineKey which is specific to local machine. When you deploy your app on server you might not have access to aspnet_regiis tool on server, or you might need to provide machineKey section in your web.config/app.config. So I'd recommend you do it by code.
this. __curious_geek
2010-06-04 04:34:13