This tutorial will demonstrate how you can encrypt a connection string in the web.config file using ASP.NET 4.0 and C#.
Adding a Database
To demonstrate how to encrypt a connection string, we will need to create a simple web site with a database that we can connect to. At this point I have created a new ASP.NET Empty Web Site. To add the database:
Adding the ConnectionString
Now that our database is setup, we need to add a connection string to it in our Web.Config file. To do this, open up the Web.Config file for editing and add the following code between the <configuration> and <system.web> tags:
I just signed up at Server Intellect and couldn't be more pleased with my fully scalable & redundant cloud hosting! Check it out and see for yourself.
Encrypting the ConnectionString
Next, we need to add a web form to the project to which we can add some C# code to encrypt the connection string that we have added. To do this:
Testing
Next, all we need to do is load up the web site and ensure that our code to encrypt our connection string has executed. To do this, load up the web site. (Note: If you receive an error about opening the config file, ensure that you are running Microsoft Visual Studio as an administrator.) Once the web site is loaded and our code has executed, open up the Web.Config file again and notice that the connection string we added earlier has been encrypted. It should now look similar to this:
To demonstrate how to encrypt a connection string, we will need to create a simple web site with a database that we can connect to. At this point I have created a new ASP.NET Empty Web Site. To add the database:
- Right click the project in your solution explorer.
- Select add ASP.NET folder.
- Select App_Data.
- Right click the App_Data folder.
- Select add new item...
- Select a SQL Database.
- Name it 'Database.mdf'.
- Click add.
Adding the ConnectionString
Now that our database is setup, we need to add a connection string to it in our Web.Config file. To do this, open up the Web.Config file for editing and add the following code between the <configuration> and <system.web> tags:
<connectionStrings> |
I just signed up at Server Intellect and couldn't be more pleased with my fully scalable & redundant cloud hosting! Check it out and see for yourself.
Encrypting the ConnectionString
Next, we need to add a web form to the project to which we can add some C# code to encrypt the connection string that we have added. To do this:
- Right click the project in your solution explorer.
- Select add new item...
- Select a web form.
- Name it 'Default.aspx'.
- Open Default.aspx.cs up for editing.
- Add the following code to the Page_Load event method:
protected void Page_Load(object sender, EventArgs e)
{
//open the config file
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
//open the connection strings section
ConfigurationSection section = config.GetSection("connectionStrings");
//check to make sure it is not already encrypted
if (!section.SectionInformation.IsProtected)
{
//encrypt it with RSA Protection
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
//save the config file
config.Save();
}
}
Testing
Next, all we need to do is load up the web site and ensure that our code to encrypt our connection string has executed. To do this, load up the web site. (Note: If you receive an error about opening the config file, ensure that you are running Microsoft Visual Studio as an administrator.) Once the web site is loaded and our code has executed, open up the Web.Config file again and notice that the connection string we added earlier has been encrypted. It should now look similar to this:
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider"> |
No comments:
Post a Comment