Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
Okay, I found a link online walking me through how to encrypt the connection string portion of the web.config file. Is there anyone who's ever done this that can answer a couple of questions for me? I tried googling the answers but nothing came up that explained what I needed to know.
 
A little background as to why we are doing this. I need to download data from an outside source that my supervisor has access to. He wants me to download this data daily rather than monthly (which he has to do for me). He wants to put in his user name and password for the connection information and then we'll encrypt it so I can't see his log on information.
 
The questions I have are as follows:
 
1. Can you encrypt a development connection string? The instructions I see seem to show it being encrypted after it's deployed.
2. Once you encrypt the connection string information can you add other connection strings? If yes, do you need to decrypt and re-encrypt or are they added without encrypting?
3. Also he has to reset his password every 60-90 days. Does that mean he'll have to decrypt the connectin string, input his new password and then re-encrypt it again?
 
If you don't have experience with this but know a good on-line source I'd take that also. I just want to understand how this is going to work before I try to implement it.
 
Thanks,
Carolyn
Posted 10-Feb-12 9:04am
CARisk3973
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

Why not use SSPI - your web application is proably running under a service user account[^]. SSPI allows SQL authentication to be tied to the service user account - this way there will be no need to save username and password in the web.config.
 
Best regards
Espen Harlinn
  Permalink  
Comments
Wonde Tadesse at 11-Feb-12 10:58am
   
5+.Perfect this is the right soln.
Espen Harlinn at 11-Feb-12 11:03am
   
Thank you, Wonde!
Tech Code Freak at 12-Feb-12 1:01am
   
5up!
Espen Harlinn at 13-Feb-12 14:03pm
   
Thank you, Tech Code Freak!
CARisk3 at 13-Feb-12 13:00pm
   
Okay. I guess I should have been more specific in the background information. We don't own this information or the system that the information is stored on. It's PHI (personal health information) data and it's not store in an sql database. It's stored in an application specific storage. The connection string not only contains user name and password but also the location of the stored data.
thatraja at 13-Feb-12 13:39pm
   
5!
Espen Harlinn at 13-Feb-12 14:03pm
   
Thank you, thatraja :)
thatraja at 13-Feb-12 14:14pm
   
Hi, I'll send you mail(May be lengthy one) tomorrow or soon.
Espen Harlinn at 13-Feb-12 14:14pm
   
Ok :)
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

1 - If you can do it at all, I'm sure you can do it in development. How you handle that is up to you. But, unless there's a built in decryption method that doesn't involve your code, you're going to be able to decrypt it and read it anyhow
 
2 - I have no idea, sorry, if the setting for encryption is not on the connection string level, then I assume they all need to be encrypted or not.
 
3 - Yes, of course it does.
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Well, I tried to encrypt the development web.config and it didn't work. I did find the following article that makes it seem as if I can't encrypt the development web.config, I can only encrypt the deployed one.
 
http://www.emmet-gray.com/Articles/EncryptConnectionStrings.htm[^]
 
If anyone knows of a way this can be done, please let me know.
 
Thanks,
Carolyn
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 369
1 Sergey Alexandrovich Kryukov 365
2 Maciej Los 285
3 George Jonsson 185
4 King_Fisher 160
0 Sergey Alexandrovich Kryukov 10,934
1 Maciej Los 5,614
2 OriginalGriff 5,603
3 CPallini 3,879
4 BillWoodruff 3,579


Advertise | Privacy | Mobile
Web01 | 2.8.141030.1 | Last Updated 11 Feb 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100