In all my VB6 applications, connection information was stored in encrypted fields in the database. Nobody has access to the database and if anyone did, all they would get to see was a bunch of encrypted values.

There was always a flaw with this method. Fetching the connection information required using a hard-coded id/password in the application that would fetch this connection information and form a string.

In the .NET world, I am currently storing this hard-coded id / password in app.exe.config file. The recommended method is to encrypt the connection string in the file?

Which classes can I use to do this encryption / decryption?

+4  A: 

Read:

Encrypting Configuration Information in ASP.NET 2.0 Applications

Basically, the ASP.NET infrastructure has the tools you need to encrypt, and the .NET configuration subsystem knows how to decrypt when needed - so it's really all already in there, ready for you to use!

To encrypt, you'd use the aspnet_regiis utility, something like this:

aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" 

And for decryption - nothing needs to be done, .NET handles this transparently for you.

UPDATE: those mechanisms work for ALL of .NET - they are part of the basic infrastructure of .NET. You can use these techniques and recipes for your console app or Windows service. Microsoft only provides tooling for the ASP.NET case to encrypt sections of web.config - but the APIs and calls are there for everyone to use, in any kind of .NET app - done it myself, in anything from a console app, to a Windows service.

I have a small utility on my SkyDrive that comes with full .NET source that shows you how to encrypt any section of any .NET config file. Feel free to check that out and use it in your endeavours any way you see fit.

marc_s
Why is everybody voting this up? The OP is not even working on ASP.NET!
Josh Stodola
I guess if somebody answers and his rep is over 50k, he must be a genius who is always correct...? This is not a stab at marc_s; I see this happening all the time here and it is detrimental to the value of the community. It needs to stop.
Josh Stodola
Marc_S, I am working on a client-based application. Nothing to do with ASP.NET. From the looks of the utility, it looks like this is something that would work with IIS.
abhi
@abhi and @Josh, have you tried the above?
Matthew Whited
@Matthew, for a client application? What would be my parameters?
abhi
@Matthew Of course I've tried it. It is implemented in every web app I have in production. However, it has nothing to do with this question! The OP (@abhi) is talking about a Windows application.
Josh Stodola
http://www.dotnetprofessional.com/blog/post/2008/03/Encrypt-sections-of-WebConfig-or-AppConfig.aspx
Matthew Whited
Of course your bigger issue may be with the fact these may be distributed apps. I'm fairly certain this uses the machine's encryption key. But if you encrypt your config with a known key to the application so it can be distributed you will be less secure because people can just use your key to decrypt.
Matthew Whited
@Josh Stodola, @abhi: these mechanisms work in ALL OF .NET - **NOT** just ASP.NET - so I hope my answer still is of some value to the OP.
marc_s
@Josh Stodola: considering that my proposed solution **DOES** work for all .NET apps, I think your downvote is not appropriate.....
marc_s
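
For the desktop-application case discussed in this thread, the same protected-configuration mechanism can be driven from code through `System.Configuration`. The following is an added example, not code from the answer or from the utility it mentions; the class name `ConfigProtector` and the command-line shape are hypothetical, and the project is assumed to reference System.Configuration.dll.

```csharp
using System;
using System.Configuration;

static class ConfigProtector
{
    // Built-in provider backed by Windows DPAPI. By default the ciphertext is
    // bound to the machine it was created on, so run this on the target machine
    // (installer step or first launch), not on the build server. Machine-level
    // DPAPI stops the file being read elsewhere; it does not stop other
    // processes on the same machine, so keep file ACLs tight as well.
    const string Provider = "DataProtectionConfigurationProvider";

    // exePath is the path to the .exe itself, not to the .exe.config file.
    // Returns true if the file was rewritten, false if nothing had to change.
    public static bool SetProtection(string exePath, bool protect)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(exePath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("No connectionStrings section found.");
        if (section.SectionInformation.IsLocked)
            throw new ConfigurationErrorsException("Section is locked and cannot be changed.");

        if (section.SectionInformation.IsProtected == protect)
            return false; // already in the requested state

        if (protect)
            section.SectionInformation.ProtectSection(Provider);
        else
            section.SectionInformation.UnprotectSection();

        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    static int Main(string[] args)
    {
        if (args.Length != 2 || (args[0] != "protect" && args[0] != "unprotect"))
        {
            Console.Error.WriteLine("usage: ConfigProtector protect|unprotect <path-to-exe>");
            return 2;
        }
        bool changed = SetProtection(args[1], args[0] == "protect");
        Console.WriteLine(changed ? "config updated" : "no change needed");
        return 0;
    }
}
```

The application itself needs no changes: it keeps reading `ConfigurationManager.ConnectionStrings[...]`, and the section is decrypted when it is loaded.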