1

I have to deploy an asp.net mvc 3 website and its web.config contains database credentials.

After searching for a while, I found that one could place the connection string in a .cs file in App_Data folder, but if database password is changed, then the site needs to be recompiled.

Also I got to this link: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA , but the page says that the content is not retired.

Can someone please tell the updated practices to encrypt the connection string information in the web.config file.

Thanks.

Improve this question
1

2 Answers 2

Reset to default
2

Using an encrypt/ decrypt method on the particular web.config file still seems to be the preferred practice Classic implementation programmatically I don't think the practices of encrypting web.config has updated with MVC, other than, obviously, you can't use an Event button to call the method as in the above example. You want to map the Encrypt/Decrypt methods to a controller action.

 public ActionResult Encrypt()
    {
      ProtectSection("connectionStrings", "RSAProtectedConfigurationProvider");

       return View();
    } 


private void ProtectSection(string sectionName,
                        string provider)   {
Configuration config =
    WebConfigurationManager.
        OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section =
             config.GetSection(sectionName);

if (section != null &&
          !section.SectionInformation.IsProtected)
{
    section.SectionInformation.ProtectSection(provider);
    config.Save();
}}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

That was probably true 3 years ago but the preferred practice is to move it out. See asp.net/identity/overview/features-api/…
0

To Encrypt Connection string in Web.Config files, We can follow these steps.

  • Open C:\Windows\System32\CMD.exe As Administrator

  • In CMD type CD C:\Windows\Microsoft.NET\Framework64\v4.0.30319 In CMD type aspnet_regiis.exe -pef connectionStrings “Path of the Folder containing the Web.Config file”

    Ex: aspnet_regiis.exe -pef “connectionStrings” “D://PROJECTS/SAMPLE_PROJECT”

  • Set to identity impersonate false for project web.config

 <system.web>
 <identity impersonate="true" />
 </system.web>

For Decryption, you can use the below command.

  • Open C:\Windows\System32\CMD.exe As Administrator
  • In CMD type CD C:\Windows\Microsoft.NET\Framework64\v4.0.30319

  • In CMD type aspnet_regiis.exe -pdf “connectionStrings” “Path of the Folder containing the Web.Config file”

    Ex: aspnet_regiis.exe -pdf “connectionStrings” “D://PROJECTS/SAMPLE_PROJECT”

Give thubms up to my article

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.