We need to protect connection strings during development. On servers we use DPAPI which works fine. DPAPI is not an option during dev since the connection strings will need to be decrypted on many machines.

Some of the user names/password used for dev are rather sensitive and we don't want them floating around. It's fine for all the devs to be able to decrypt them, just want to ensure that if someone else gets their hands on the dev config files that person can't decrypt the connection strings. Using all service accounts instead of sensitive username/password is not an option due to external constraints.

My first inclination is to use the RSA provider for encrypting and installing the cert on the dev machines.

So my questions are:

1) How do you approach this issue?

2) If you take the RSA approach, is there more up-to-date documentation than this?

Thanks

A: 

Well after more research we went with the RSA approach. Found some more updated documentation here. If you are going down this road make sure you read everything RSA related in that link. Below are the steps we used if anyone is interested...

--FIRST TIME ONLY

-create the key container, making it exportable

aspnet_regiis -pc "MyKeys" -exp

-add this section to config file

<configProtectedData>
  <providers>
    <add name="RsaProvider"
         type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
         keyContainerName="MyKeys"
         useMachineContainer="true" />
  </providers>
</configProtectedData>

-encrypt the connection strings

aspnet_regiis -pef "connectionStrings" "C:\Working\MyApplication" -prov RsaProvider

-give out the config file

-to decrypt

aspnet_regiis -pdf "connectionStrings" "C:\Working\MyApplication"

-export keys (will create keys.xml)

aspnet_regiis -px "MyKeys" keys.xml -pri

--On some other machine

-save keys.xml somewhere

-import the keys. Make sure the name (e.g. MyKeys) is the same

aspnet_regiis -pi "MyKeys" keys.xml

-delete keys.xml!!!!!!!!!!!!!!

-give permissions to the service account if running as part of a webapp

e.g. aspnet_regiis -pa "MyKeys" "ASPNET"

Christopherous 5000
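The same encrypt/decrypt steps driven from code instead of aspnet_regiis, as an added example that is not part of the answer above. It assumes the RsaProvider declaration shown in the config, a MyKeys container already imported on the machine, and that the path to the config file is passed on the command line.

```csharp
using System;
using System.Configuration;
// Added example, not code from the answer above: the -pef / -pdf steps done
// from C# against the "RsaProvider" declared in <configProtectedData>.
// Assumes the "MyKeys" container was already imported on this machine.
static class ConfigProtector
{
    // Open a config file by path rather than the running process's own.
    static Configuration Open(string path)
    {
        var map = new ExeConfigurationFileMap { ExeConfigFilename = path };
        return ConfigurationManager.OpenMappedExeConfiguration(
            map, ConfigurationUserLevel.None);
    }

    // Encrypt (protect = true) or decrypt connectionStrings in place.
    // Returns false when the section is already in the requested state.
    public static bool SetProtected(string path, bool protect)
    {
        var config = Open(path);
        var info = config.ConnectionStrings.SectionInformation;
        if (info.IsProtected == protect) return false;
        if (protect) info.ProtectSection("RsaProvider");
        else info.UnprotectSection();
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Application code never decrypts explicitly: reading the section is
    // enough, as long as the key container exists on this machine.
    public static string Read(string path, string name)
    {
        var cs = Open(path).ConnectionStrings.ConnectionStrings[name];
        return cs == null ? null : cs.ConnectionString;
    }

    static int Main(string[] args)
    {
        if (args.Length != 2 || (args[0] != "protect" && args[0] != "unprotect"))
        { Console.Error.WriteLine("usage: protect|unprotect <config>"); return 2; }
        try
        {
            bool changed = SetProtected(args[1], args[0] == "protect");
            Console.WriteLine(changed ? "updated " + args[1] : "no change");
            return 0;
        }
        // Thrown when RsaProvider is not declared in the file or the "MyKeys"
        // container is missing on this machine (keys.xml never imported).
        catch (ConfigurationErrorsException e) { Console.Error.WriteLine(e.Message); return 1; }
    }
}
```

Reference System.Configuration.dll when building; for a web.config, open it with WebConfigurationManager.OpenWebConfiguration instead of the mapped exe configuration.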