ASP.NET: Encrypt connectionStrings section of web.config

Web.Config
<configuration>
    <connectionStrings>
        <add name="ConnString" connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory|MyDatabase.mdf;Integrated Security=True;User Instance=True" />
    </connectionStrings>
</configuration>


The easiest way to encrypt the <connectionStrings> section is to use the aspnet_regiis command-line tool.
This tool is located in the following folder:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\

Executing the following command encrypts the <connectionStrings> section of a Web.Config file
located in a folder with the path c:\Websites\MyWebsite:
   
    aspnet_regiis -pef connectionStrings "c:\Websites\MyWebsite"

The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section located at a particular path.

You can decrypt a section with the -pdf option like this:
    aspnet_regiis -pdf connectionStrings "c:\Websites\MyWebsite"


ASP.NET page can read the value of the connection string by using the <%$ ConnectionStrings:ConnString %> expression

No comments:

Post a Comment