Click here to Skip to main content
Click here to Skip to main content

Encrypt and Decrypt ConnectionString in app.config and/or web.config!

, 8 Sep 2007
Rate this:
Please Sign up or sign in to vote.
Encrypt and Decrypt ConnectionString in app.config and/or web.config!

Introduction

In Windows/Web based applications, it's not rational for you to put your ConnectionString in the native/normal format! This is because anybody can see your userID/username and password!.

In this article, I want to teach you how to encrypt ConnectionString and decrypt it as you wish.

Background

This feature was born in .NET Framework 2.0 (Visual Studio 2005).

Using the Code

First of all, we suggest you to create a static class with the name Utilities and put the below functions in it. After all, you can call just two functions for encryption and decryption of your connection string.

namespace DT.Security
{
    public static class Utilities
    {
        public static void ProtectConnectionString()
        {
            ToggleConnectionStringProtection
		(System.Windows.Forms.Application.ExecutablePath, true);
        }

        public static void UnprotectConnectionString()
        {
            ToggleConnectionStringProtection
		(System.Windows.Forms.Application.ExecutablePath, false);
        }

        private static void ToggleConnectionStringProtection
				(string pathName, bool protect)
        {
            // Define the Dpapi provider name.
            string strProvider = "DataProtectionConfigurationProvider";
            // string strProvider = "RSAProtectedConfigurationProvider";

            System.Configuration.Configuration oConfiguration = null;
            System.Configuration.ConnectionStringsSection oSection = null;

            try
            {
                // Open the configuration file and retrieve 
	       // the connectionStrings section.

                // For Web!
                // oConfiguration = System.Web.Configuration.
	       //                  WebConfigurationManager.OpenWebConfiguration("~");

                // For Windows!
                // Takes the executable file name without the config extension.
                oConfiguration = System.Configuration.ConfigurationManager.
                                                OpenExeConfiguration(pathName);

                if (oConfiguration != null)
                {
                    bool blnChanged = false;

                    oSection = oConfiguration.GetSection("connectionStrings") as
                System.Configuration.ConnectionStringsSection;

                    if (oSection != null)
                    {
                        if ((!(oSection.ElementInformation.IsLocked)) &&
                (!(oSection.SectionInformation.IsLocked)))
                        {
                            if (protect)
                            {
                                if (!(oSection.SectionInformation.IsProtected))
                                {
                                    blnChanged = true;

                                    // Encrypt the section.
                                    oSection.SectionInformation.ProtectSection
								(strProvider);
                                }
                            }
                            else
                            {
                                if (oSection.SectionInformation.IsProtected)
                                {
                                    blnChanged = true;

                                    // Remove encryption.
                                    oSection.SectionInformation.UnprotectSection();
                                }
                            }
                        }

                        if (blnChanged)
                        {
                            // Indicates whether the associated configuration section 
                            // will be saved even if it has not been modified.
                            oSection.SectionInformation.ForceSave = true;

                            // Save the current configuration.
                            oConfiguration.Save();
                        }
                    }
                }
            }
            catch (System.Exception ex)
            {
                throw (ex);
            }
            finally
            {
            }
        }
    }
}

Points of Interest

After I learned this feature, I used it in all of my Windows/Web based applications!

History

  • 8th September, 2007: First release

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Dariush Tasdighi
Web Developer
Iran (Islamic Republic Of) Iran (Islamic Republic Of)
I'm experienced in below items:
 
- XML 1.0
- CSS 2.0
- ASP 3.0
- HTML 4.01
- XHTML 1.0
- Javascript 1.5
- .NET Framework 1.1/2.0
- Microsoft Office 2000/XP
- Microsoft Visual Basic 6
- Microsoft SQL Server 2000/2005
- Microsoft C#.NET (Windows Based)
- Microsoft C#.NET (XML Web Service)
- Microsoft C#.NET (Web Based = ASP.NET)
 
My Site URLs:
http://www.IranianExperts.ir
http://www.IranianExperts.com
 
My Yahoo Group URL: http://groups.yahoo.com/group/iranianexperts
 
Mobile: 0098-912-108-7461
Address: Tehran, Tehran, Iran

Comments and Discussions

 
QuestionNot working. Pinmembersunayv20-Jun-13 0:41 
Questionخیلی استادی. استاد Pinmemberhamed elahi16-Mar-13 1:58 
QuestionTwo different computer can't read the same encrypted file Pinmemberbiczek26-Jan-13 6:02 
AnswerRe: Two different computer can't read the same encrypted file Pinmembersergiomf20-Aug-14 5:14 
GeneralMy vote of 5 Pinmembermanoj kumar choubey29-Mar-12 23:28 
Questiondidn't work for me, full of bugs. PinmemberMember 238286828-Jun-11 16:52 
GeneralMy vote of 5 PinmemberVirtualIdeal7-Dec-10 16:21 
GeneralMy vote of 5 PinmemberReyhaneh22-Sep-10 8:35 
QuestionWhat's the difference? PinmemberGreizzerland18-Jan-10 7:19 
GeneralSeems unsecure Pinmemberxr280xr2-Mar-09 6:14 
GeneralRe: Seems unsecure PinmemberCStroliaDavis24-Jun-09 11:34 
QuestionCan not be declassified Pinmemberlvxiaojiang26-Jun-08 17:54 
QuestionHow can I apply it on Window service Pinmemberbmwgamil18-Oct-07 11:16 
NewsTwo other related encryption articles in CodeProject ... PinmemberTony Selke27-Sep-07 7:05 
GeneralVeiled Attempt at Social Engineering PinmemberDumpsterJuice9-Sep-07 4:30 
GeneralRe: Veiled Attempt at Social Engineering PinmemberDariush Tasdighi9-Sep-07 22:03 
GeneralRe: Veiled Attempt at Social Engineering PinmemberDumpsterJuice10-Sep-07 1:04 
GeneralTopic already covered PinmemberVasudevan Deepak Kumar9-Sep-07 2:47 
GeneralRe: Topic already covered PinmemberDariush Tasdighi9-Sep-07 3:40 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140827.1 | Last Updated 8 Sep 2007
Article Copyright 2007 by Dariush Tasdighi
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid