Encrypt and Decrypt Connection String in App.Config File in Windows / Console Applications

Introduction:

Here I will explain how to encrypt and decrypt connection string in app.config file in windows or console application using c#.net, vb.net. we can do encryption and decryption for connection string using aspnet_regiis.exe command line tool in file system website.

Description:

In Previous articles I explained add textbox items to listbox on button click in asp.net, difference between dispose and finalize methods in c#, vb.net, difference between page_load and page_init methods in asp.net, convert numbers or rupees to words in asp.net and many articles related to Asp.net, Gridview, SQL Server, Ajax, JavaScript. Now i will explain how to encrypt and decrypt connection string in app.config file in windows or console applications. 

Generally in all applications we will use connectionStrings section in web.config or app.config file to store database connection. The connectionStrings section contains sensitive information of database connections including username and password of database. Is it secured to store the sensitive information of database connections in plain text files called web.config and machine.config files? 

If we are using applications in our internal servers with security then it’s OK if we deploy our applications in shared host environment then we have chance to arise security problems to avoid these problems asp.net 2.0 provided built in protected configuration model functionality to encrypt or decrypt few sections of web.config file those are

RSAProtectedConfigurationProvider: This is default provider and uses the RSA public key encryption algorithm to encrypt and decrypt data.

DataProtectionConfgurationProvider: This provider uses windows data protection application programming interface to encrypt and decrypt the data.

The encrypting and decrypting of connection strings in app.config file will do by using aspnet_regiis.exe command line tool. Before we implement encryption and decryption in app.config file first we need to rename our app.config file to web.config because aspnet_regiis.exe command line tool will not recognize app.config for that reason temporarily we need to rename app.config file to web.config  

Once we rename app.config file to web.config open web.config file in application and add sample db connection in connectionStrings section like this 

<connectionStrings> <add name="dbconnection" connectionString="Data Source=SureshDasari;Integrated Security=true;Initial Catalog=MySampleDB"/> </connectionStrings >

After add dbconnection in connectionString check the below steps to encrypt or decrypt the connection string in web.config.

1.     1) Go to Start >> All Programs >> Microsoft visual studio 2008 >> Visual Studio Tools >> Visual Studio 2008 Command Prompt (Note: if you’re using windows 7 right click on command prompt and select Run as administrator)

2.  After open command prompt type the following command aspnet_regiis.exe -pef "connectionStrings" "C:\VisualStudio2008\Authorization"

Here –pef indicates that the application is built as File System website. Second argument connectionStrings indicates that name of the configuration section needs to be encrypted. The Third argument is the physical path of the folder where the web.config file is located.

3. After enter the command click enter if everything goes well we will get success message like “Encrypting configuration section… Succeeded!”

Now open your file and check connectionStrings in web.config file that would be like this

<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider"> <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>Rsa Key</KeyName> </KeyInfo> <CipherData> <CipherValue>ZNUbIEnOwlZzC8qbzHj5F2GS9gLYSkWCIgCJGkrgZAX8A+8oEIssyohhxUKvAubD3jizFc5IjbLGt7HNXhoFhXNTUPYz2y6tdKJDVgDmtCgVf8Z2C990zoMRBJG+VXhmgnlo1vtHYhGx8x/bBzE1prT1+xDpep98vHF22d+LrVI=</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> <CipherValue>tODWlPD0Q/B/mP14GQ/5tUxcjmhHcy9a0oPunV5osNrMQRztgi2h5V6sxJOEh+NC+G9gQNkv1huXf1s7eoZRRLy5/LDtLXzzqMUOqLSlJUs9igChvi33c9XG4rwGF15Tpn4N34bpQBt94n0rpSkQ18V9HCPzii+UO64PlA+ykDeQhc9aQr4gO3mCfUzmY2S9gsXzRbzdq0oCWBDvx8UkX2uDxaysVHC9Fo7u6IrlpU0+hOdK95Y3/A==</CipherValue> </CipherData> </EncryptedData> </connectionStrings>

Here we don’t want to write any code to decrypt the encrypted connectionString in our application because .NET automatically decrypts it. If we want to use the connection string just call it like normal way

string strconnection = ConfigurationManager.AppSettings["dbconnection"].ToString();

Now if we want to decrypt connectionStrings section in web.config use the following command aspnet_regiis.exe -pdf "connectionStrings" "C:\VisualStudio2008\Authorization"

After command execute we will get message like “Decrypting configuration section… Succeeded!”

 

Now check your connctionStrings section in your web.config file you will see decrypted connection string. 

I hope it helps you to encrypt or decrypt connection string in app.config file.... Happy coding....

If you enjoyed this post, please support the blog below. It's FREE! Get the latest Asp.net, C#.net, VB.NET, jQuery, Plugins & Code Snippets for FREE by subscribing to our Facebook, Twitter, RSS feed, or by email.

Subscribe by RSS Subscribe by Email