Click here to Skip to main content
Click here to Skip to main content

Encrypting the app.config File for Windows Forms Applications

, 17 Apr 2007
Rate this:
Please Sign up or sign in to vote.
Encrypting the app.config file for Windows Forms Applications

Introduction

ASP.NET offers the possibility to encrypt sections in the web.config automatically. It seems it is not possible for WinForm applications to do that for the app.config. And this is true for a part: WinForms does not offer tools to configure it. But it can be done. It is all .NET. Isn't it? So how do we do it? Read on and see how.

Using the Code

First let me explain something about the configuration files in .NET. The app.config and web.config are divided into sections. The encrypting and decrypting operations are performed on sections and not on the file as a whole.

Developers can extend a configuration file by defining custom sections. This can be done by adding a section tag to the configSections element or the sectionGroup element like in the example below. The name attribute of section element specifies the name of the new section. The type attribute specifies the handler that processes the configuration section: it gets the data out of the section. As you can see in the example below, I implemented both scenarios.

<?xml version="1.0" encoding="utf-8" ?>
<configuration> 
    <configSections>
        <section name="Vault" 
                 type="System.Configuration.NameValueSectionHandler" />
        <sectionGroup name="applicationSettings" 
                    type="System.Configuration.ApplicationSettingsGroup, System, 
                    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
            <section name="EncryptConnStringsSection.My.MySettings" 
                    type="System.Configuration.ClientSettingsSection, System, 
                    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
                    requirePermission="false" />
        </sectionGroup>
    </configSections>
    <connectionStrings>
        <add name="EncryptConnStringsSection.My.MySettings.testConn"
            connectionString="Data Source=someserver;Initial 
                             Catalog=ProjectX_Dev;Integrated Security=True" />
    </connectionStrings>

Now that I have explained how to create sections in the app.config, let's go on to show how to encrypt a section. It is really a simple operation. And once a section has been encrypted, you do not have to worry about decrypting it. The .NET Framework does it automatically for you. It is a transparent operation and works as if you did not encrypt the section.

The configuration namespace contains a class that represents a section. This class is called ConfigurationSection. A member of this class is the ElementInformation property. This property gets information about a section and it has the method ProtectSection defined on it. This method encrypts the section. Out of the box, there are two encryption algorithms supported via providers:

  • DPAPIProtectedConfigurationProvider
  • RSAProtectedConfigurationProvider

The default provider is RSAProtectedConfigurationProvider. You use the default provider by passing nothing/null as a parameter to the ProtectSection method.
I wrote the following class to demonstrate this method:

Imports System.Configuration

''' <span class="code-SummaryComment"><summary></span>
''' This class protects (encrypts) a section in the applications configuration file.
''' <span class="code-SummaryComment"></summary></span>
''' <span class="code-SummaryComment"><remarks>The <seealso cref="RsaProtectedConfigurationProvider"/> </span>
''' is used in this implementation.<span class="code-SummaryComment"></remarks></span>
Public Class ConfigSectionProtector

    Private m_Section As String

    ''' <span class="code-SummaryComment"><summary></span>
    ''' Constructor.
    ''' <span class="code-SummaryComment"></summary></span>
    ''' <span class="code-SummaryComment"><param name="section">The section name.</param></span>
    Public Sub New(ByVal section As String)
        If String.IsNullOrEmpty(section) Then _ 
            Throw New ArgumentNullException("ConfigurationSection")

        m_Section = section
    End Sub

    ''' <span class="code-SummaryComment"><summary></span>
    ''' This method protects a section in the applications configuration file. 
    ''' <span class="code-SummaryComment"></summary></span>
    ''' <span class="code-SummaryComment"><remarks></span>
    ''' The <span class="code-SummaryComment"><seealso cref="RsaProtectedConfigurationProvider" /> </span>
    ''' is used in this implementation.
    ''' <span class="code-SummaryComment"></remarks></span>
    Public Sub ProtectSection()
        ' Get the current configuration file.
        Dim config As Configuration = ConfigurationManager.OpenExeConfiguration
                        (ConfigurationUserLevel.None)
        Dim protectedSection As ConfigurationSection = config.GetSection(m_Section)

        ' Encrypts when possible
        If ((protectedSection IsNot Nothing) _
        AndAlso (Not protectedSection.IsReadOnly) _
        AndAlso (Not protectedSection.SectionInformation.IsProtected) _
        AndAlso (Not protectedSection.SectionInformation.IsLocked) _
        AndAlso (protectedSection.SectionInformation.IsDeclared)) Then
            ' Protect (encrypt)the section.
            protectedSection.SectionInformation.ProtectSection(Nothing)
            ' Save the encrypted section.
            protectedSection.SectionInformation.ForceSave = True
            config.Save(ConfigurationSaveMode.Full)
        End If
    End Sub
End Class 

As you can see, this class also has a method ProtectSection. Basically it gets section information out of the app.config and checks if it can be encrypted. If so, it protects the section using the default encryption provider and it saves it. And it's done.

It is simpler to protect or unprotect connectionstrings. It can be done with the following code sample:

' Connection string encryption
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration
                    (ConfigurationUserLevel.None)      
config.ConnectionStrings.SectionInformation.ProtectSection(Nothing)
' We must save the changes to the configuration file.
config.Save(ConfigurationSaveMode.Full, True)  

History

  • 30-03-2007: Initial version
  • 12-04-2007: Added a link to my blog. Maybe you will like it. Let me know, please.
  • 18-04-2007: Updated the example project
  • 21-04-2007: Updated last code example

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

TRON
Web Developer
Netherlands Netherlands
Name : A.C.F. de Ron B ICT (Ton)
Position : Senior System designer
Date of birth : 15-12-1971
Nationality : Dutch
Language : Dutch, English
Experience since : 1996
Blog : http://www.tronsoft.nl
Summary :
 
After my study Business Administration Informatics at the University for Economic Studies, In gained experience as a Database Designer, Software Developer, Software Engineer, Tester and .NET coach. With Centura Team Developer I built several applications for social care foundations and for the life insurance branch, e.i. Winterthur and Zwisterleven.
 
Also I worked for Philip Morris Holland where I maintained and developed on the specification system for cigarettes. Also I worked there on .Net projects which aided production logistics. At this moment I work for Unilever Research where I designed and implemented a formulation creation tool and a monitor stock administration application using .Net 2.0 and Visual Studio.Net 2005.

Comments and Discussions

 
QuestionWorth updating this example PinmemberBrian23330-Apr-14 7:02 
QuestionSmall Query About Encrypion. Pinmemberchandan028521-Sep-13 23:43 
QuestionError To decrypt [modified] PinmemberEdison J Romo R13-Sep-13 13:41 
QuestionYou suck. Pinmembersunayv20-Jun-13 1:03 
GeneralMy vote of 1 PinmemberB.Farivar23-Apr-13 19:45 
QuestionWay to encrypt the config file PinmemberMember 333565330-Sep-11 8:34 
QuestionNot working inside IDE PinmemberPravesh Koirala 10811-Aug-11 1:32 
AnswerRe: Not working inside IDE PinmemberTRON11-Aug-11 21:58 
GeneralRe: Not working inside IDE PinmemberPravesh Koirala 10812-Aug-11 16:29 
Generalerror : "Extension names must be unique" Pinmemberdonet0123-Aug-10 6:56 
GeneralRe: error : "Extension names must be unique" [modified] Pinmembervikrantislav8-Dec-10 9:12 
GeneralRe: error : "Extension names must be unique" Pinmembervikrantislav9-Dec-10 8:59 
Question.pfx file Pinmemberraland16-Oct-08 22:33 
AnswerRe: .pfx file PinmemberTRON20-Oct-08 10:07 
GeneralMS Example on how encrypt winforms app.config Pinmemberpeterpan2561-Sep-08 4:17 
QuestionDeploy problem Pinmemberluc_favaro20-Aug-08 9:15 
AnswerRe: Deploy problem PinmemberTRON21-Aug-08 11:25 
GeneralProblem with this implementation... PinmemberDaveBlack8-Oct-07 11:29 
GeneralRe: Problem with this implementation... PinmemberTRON9-Oct-07 6:18 
GeneralRe: Problem with this implementation... Pinmemberkevinlkingma18-Jul-08 3:42 
GeneralRe: Problem with this implementation... PinmemberEd Gadziemski30-Jul-08 12:01 
GeneralRe: Problem with this implementation... Pinmembert.alkahtiri7-Nov-13 0:03 
QuestionHow do I encrypt this config file? PinmemberHenkVanTol4-May-07 4:46 

Hi,
Thank you for the helpful article, I'm however having trouble encrypting a WSE 3.0 wse3PolicyCache.config configuration file. I need to secure the user name and password in this file.
The problem is the code below returns null for the config.GetSection(sectionName) if I pass in either "policy" or "policies" as the section name.
 
string sectionName = "policy";
Configuration config = ConfigurationManager.OpenExeConfiguration(configPath);
ConfigurationSection protectedSection = config.GetSection(sectionName);
 
Here is the configuration file:
 
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
   <extensions>
      <extension name="usernameOverTransportSecurity" type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <extension name="username" type="Microsoft.Web.Services3.Design.UsernameTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
   </extensions>
   <policy name="ClientSecurityPolicy">
      <usernameOverTransportSecurity>
         <clientToken>
            <username username="DOMAIN\AllowedUser" password="password" />
         </clientToken>
      </usernameOverTransportSecurity>
      <requireActionHeader />
   </policy>
</policies>
 
Any advice will be greatly appreciated!
Thanks
Henk

AnswerRe: How do I encrypt this config file? PinmemberTRON10-May-07 22:22 
Generalquick way to encrypt sections in app.config Pinmembermpayne7921-Apr-07 10:55 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140721.1 | Last Updated 18 Apr 2007
Article Copyright 2007 by TRON
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid