Encrypt and Decrypt ConnectionString in app.config and/or web.config!
4.68/5 (28 votes)
Encrypt and Decrypt ConnectionString in app.config and/or web.config!
Introduction
In Windows/Web based applications, it's not rational for you to put your ConnectionString in the native/normal format! This is because anybody can see your userID/username and password!.
In this article, I want to teach you how to encrypt ConnectionString and decrypt it as you wish.
Background
This feature was born in .NET Framework 2.0 (Visual Studio 2005).
Using the Code
First of all, we suggest you to create a static class with the name Utilities and put the below functions in it. After all, you can call just two functions for encryption and decryption of your connection string.
namespace DT.Security
{
public static class Utilities
{
public static void ProtectConnectionString()
{
ToggleConnectionStringProtection
(System.Windows.Forms.Application.ExecutablePath, true);
}
public static void UnprotectConnectionString()
{
ToggleConnectionStringProtection
(System.Windows.Forms.Application.ExecutablePath, false);
}
private static void ToggleConnectionStringProtection
(string pathName, bool protect)
{
// Define the Dpapi provider name.
string strProvider = "DataProtectionConfigurationProvider";
// string strProvider = "RSAProtectedConfigurationProvider";
System.Configuration.Configuration oConfiguration = null;
System.Configuration.ConnectionStringsSection oSection = null;
try
{
// Open the configuration file and retrieve
// the connectionStrings section.
// For Web!
// oConfiguration = System.Web.Configuration.
// WebConfigurationManager.OpenWebConfiguration("~");
// For Windows!
// Takes the executable file name without the config extension.
oConfiguration = System.Configuration.ConfigurationManager.
OpenExeConfiguration(pathName);
if (oConfiguration != null)
{
bool blnChanged = false;
oSection = oConfiguration.GetSection("connectionStrings") as
System.Configuration.ConnectionStringsSection;
if (oSection != null)
{
if ((!(oSection.ElementInformation.IsLocked)) &&
(!(oSection.SectionInformation.IsLocked)))
{
if (protect)
{
if (!(oSection.SectionInformation.IsProtected))
{
blnChanged = true;
// Encrypt the section.
oSection.SectionInformation.ProtectSection
(strProvider);
}
}
else
{
if (oSection.SectionInformation.IsProtected)
{
blnChanged = true;
// Remove encryption.
oSection.SectionInformation.UnprotectSection();
}
}
}
if (blnChanged)
{
// Indicates whether the associated configuration section
// will be saved even if it has not been modified.
oSection.SectionInformation.ForceSave = true;
// Save the current configuration.
oConfiguration.Save();
}
}
}
}
catch (System.Exception ex)
{
throw (ex);
}
finally
{
}
}
}
}
Points of Interest
After I learned this feature, I used it in all of my Windows/Web based applications!
History
- 8th September, 2007: First release