2

I have searched for an encryption method for storing and retrieving the database username and password in web.config, but most of the posts only discuss creating a function to encrypt text, not storing and retrieving it.

Is there an inbuilt function to encrypt text in C# using a password phrase? I could not find any.

Now I use a function given in one of the SO posts for encryption and decryption, but I see some special characters in the encrypted text. If I want to store the encrypted text in web.config, the value should be HTML compliant.

I would be interested in any other approach for both storing and retrieval scenarios.

3
  • You don't want to save any username/password to the web.config. Why would you want that? Commented Aug 18, 2013 at 7:12
  • I store the connection string in web.config to connect to the database. Instead of storing the db pwd in the connection string as plain text, I want to store it encrypted. Commented Aug 18, 2013 at 10:26
  • If you are wanting to protect your credentials from being stolen by a hacker, but your web app can decode them, then a hacker could just decode them herself using your decryption code and decryption password. I am not sure whether this is an increase in security. Commented Aug 21, 2019 at 8:06

2 Answers

1

You can use the Data Protection API to encrypt your data. That data could be decrypted only under the current Windows user account on this computer.

So, if you create a separate account for your web application pool, only the web app would be able to encrypt and decrypt that data.


1 Comment

Thanks Alex. The Data Protection API is a bit complex for my level. I thought it's a basic scenario in ASP.NET development: store a pwd encrypted in web.config and retrieve
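
An added example (not code from the answer above) of the DPAPI approach it describes, using .NET's `ProtectedData` class and Base64-encoding the ciphertext so the stored value needs no escaping in web.config. The entropy string, the `MainDb` connection string name and the `DbPasswordProtected` appSettings key are assumed names.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

public static class ProtectedSetting
{
    // Hypothetical app-specific entropy (not a secret); must match in Protect and Unprotect.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp.DbPassword.v1");

    // Run once under the application pool account; paste the result into web.config.
    public static string Protect(string plainText)
    {
        byte[] cipher = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(plainText), Entropy, DataProtectionScope.CurrentUser);
        // Base64 uses only A-Z, a-z, 0-9, '+', '/', '=': none need escaping in an XML attribute.
        return Convert.ToBase64String(cipher);
    }

    // Throws CryptographicException under a different account or machine,
    // and FormatException if the stored value is not valid Base64.
    public static string Unprotect(string base64Cipher)
    {
        byte[] plain = ProtectedData.Unprotect(
            Convert.FromBase64String(base64Cipher), Entropy, DataProtectionScope.CurrentUser);
        return Encoding.UTF8.GetString(plain);
    }

    // Builds the connection string at run time; web.config holds it without a password.
    public static string BuildConnectionString()
    {
        // "MainDb" and "DbPasswordProtected" are assumed web.config entry names.
        var builder = new SqlConnectionStringBuilder(
            ConfigurationManager.ConnectionStrings["MainDb"].ConnectionString);
        builder.Password = Unprotect(ConfigurationManager.AppSettings["DbPasswordProtected"]);
        return builder.ConnectionString;
    }

    // Round-trip check with a constructed sample value.
    public static void Main()
    {
        string stored = Protect("constructed-sample-password");
        Console.WriteLine(stored);
        Console.WriteLine(Unprotect(stored) == "constructed-sample-password");
    }
}
```

A value protected with `DataProtectionScope.CurrentUser` can only be unprotected by the same Windows account on the same machine, so `Protect` has to be run as the application pool identity, and in IIS that identity needs its user profile loaded for DPAPI to work.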
0

How about the encrypt/decrypt methods in this example?

then

string conn = Decrypt(ConfigurationManager.ConnectionStrings[ConnString].ConnectionString);

2 Comments

I do have the encrypt/decrypt functions as in the link, but the output of encrypt has special characters like slash etc., so I was afraid it might not decrypt correctly. And I was wondering if there is any better method.
Have you tested it to see if it successfully decrypts those characters?
