1

I have An Asp.net MVC Application With VS.Net2013 in my webconfige file i have connection string Section like this:

 <connectionStrings>
    <add name="ConnectStrNL" connectionString="server=192.168.0.71\ins1;database=FNHProvider;MultipleActiveResultSets=true;persist  security info=True;User ID=general;Password=123;" />
    <add name="connectionStringGeneral" connectionString="server=192.168.0.254;database=NFS;MultipleActiveResultSets=true;persist security info=True;User ID=General;Password=*******;" />
</connectionStrings>

i wanted to Hide User And Pass Of Databases From Every one. and also i have limitation not to use this method (aspnet_regiis.exe -site "EncryptDemo" -app "/" -pe "connectionStrings")

Improve this question
1
  • try this Integrated Security=True instead of this user id=general;password=Abc123456" Commented Sep 28, 2014 at 7:33

1 Answer 1

Reset to default
4

There are 2 basic things that you can do if you don't want your password to be in the configuration file:

  1. Use Windows authentication. This should always be you preferred approach unless there are some reasons why you cannot use Windows authentication and you are forced to use SQL authentication

  2. Encrypt the connection string. Since you cannot use aspnet_regiis_exe, as you mentioned in the question, you can encrypt the section from the code. The below code should be run once at the start of the application:

    using System.Web.Configuration;
using System.Web.Security;
using System.Configuration;

public void EncryptConnString()
{
    Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
    ConfigurationSection section = config.GetSection("connectionStrings");
    if (!section.SectionInformation.IsProtected)
    {
        section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
        config.Save();
    }
}

The code was taken from this site, you can find more information there.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

i have another question Request.ApplicationPath doesn't work For me
If the request is done not in the scope of request you should probably use "/" instead of Request.ApplicationPath
There are automatic encryptions here and here

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.