I have a WPF application with connections strings stored in the App.config. What is the best way of encrypting these connection strings in a click-once deployment?
Thanks
+3
A:
If this is a connectionString that will be configured and used on a single computer (not shared across multiple computers) by an instance of your application, you can use the .NET managed wrapper of the DPAPI (Data Protection API) - the ProtectedData class (System.Security.Cryptography).
A neat trick you could also use (should you decide to use this class) is to create extension methods for Encoding and Decoding a string, so the operations become as simple as:
string encodedString = myConnectionString.EncodeString();
string decodedString = encodedString.DecodeString();
Hope this helps!
Pwninstein
2009-05-21 03:06:04
But in this approach the configuration file on the server has the connection strings in clear text and it goes to the clients in clear text across the wire, correct? And when would I do the encryption/decryption in a clickOnce scenario?
Gustavo Cavalcanti
2009-05-21 03:50:06
Ah, I see. I would check out some of the other System.Security.Cryptography classes that are available to see if you can encrypt your connection string using some sort of pre-shared key, and decrypt it on your client app using that same key. http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx Good luck!
Pwninstein
2009-05-21 12:33:54
A:
I've asked a similar question here with other interesting answers
Gustavo Cavalcanti
2009-05-22 05:30:07