0

using asp4 mvc 3 building web app.

I am deploying a web app outside the company firewall, so I want to secure the connection string to the database in some way. The connection string is in the web config.

  1. Do I even need to do anything? Meaning is there already built in stuff, it will be sitting on Windows Server 2008, using IIS7.

  2. One option I have been looking at is using the asp_regiis.exe tool, but I have questions due to conflicting info in tutorials:

    a. If the code is on my box and I run the tool, do I need to rerun it after it is deployed to server?

    b. Some tutorials say the decrypt is built into the framework, so once I to the one time encryption using the tool, I don't have to worry about it, but one or two talk about how to decrypt, so I am not sure if it automated. Is it?

    c. Do I have to do any setup on the server at all, like tell the app pool it using an encrypted web config file?

  3. Is there a way to just encrypt the password? Maybe on creation of the model.edmx file? I am more than happy to delete it and recreate it if there is.

Improve this question

1 Answer 1

Reset to default
1

The best option would be to use the aspnet_regiis tool to encrypt the configuration, as per Walkthrough: Creating and Exporting an RSA Key Container.

To run down your list:

  1. Yes
  2. Good option!
    • a. You'll need to import the key container on the server, so it can decrypt the configuration. Remember to grant the apppool user access to the container.
    • b. Yes, decryption is automatic when your application starts up.
    • c. Apart from deploying the encrypted configuration and importing the key container, no.
  3. That would be cumbersome, as you'd have to manage the encryption keys yourself. Go with the encrypted configuration section instead.
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Am I correct in thinking importing the key container on a shared server to which I don't have access to command prompt is going to be awkward? "5.On the second server, open a Command Prompt window. and then enter the following command to change the directory to the .NET Framework version 2.0 directory:"
@RichardD yes. This approach requires that you have access to the server.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.