Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version
Go to top

Strategy to distribute secure database connection strings in an enterprise environment

, 29 Nov 2003
The article discusses a strategy to securely configure and administer a set of connection strings which can be maintained environment wise. It also talks about distributing this information securely in a huge environment to be used by authorized clients only.
ecs_11.zip
EnterpriseConnString.dll
TestECS.exe
enterpriseconnstring_src2003.zip
TestECS
App.ico
UseECS.csproj.user
EnterpriseConnString
EnterpriseConnString.csproj.user
// Copyright � 2003
// Author : Sriram Chitturi
// Date : November 29, 2003

using System;
using Microsoft.Win32;
using System.Collections;

namespace EnterpriseConnString
{
	public class EntConnString
	{
		private string m_server; // server on which connection strings are set in registry
		private bool m_bAdmin; // true - for administration of connection strings
								// need write permissions on server Registry to use this

		// The registry key under which all the connection strings are maintained
		//		Will be <server>\HKLM\Software\ECS\ConnectionStrings
		// <environment>=<encrypted connection string> string values are created
		//		under the key
		private RegistryKey m_baseKey;

		public string Server
		{
			set { m_server = value; }
			get { return m_server; }
		}

		// use this constructor for client
		public EntConnString(string server):this(server, false)
		{
		}

		// pass bAdmin = true for connection strings administration
		public EntConnString(string server, bool bAdmin)
		{
			m_baseKey = null;
			m_bAdmin = bAdmin;
			Server = server;
		}

		// Any exceptions from this method should be handled by the client
		// Modify this behavior as needed
		public void Connect()
		{
			m_baseKey = null;
			RegistryKey HKLM, // LocalMachine base key
						ECSKey; // HKLM\softwate\ECS sub key

			if (m_server == null || m_server.Length == 0) // local host
				HKLM = Registry.LocalMachine;
			else // open base key from remote machine. This needs UnmanagedCode security access
				HKLM = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, m_server);

			// if admin console open in write mode, else read mode is sufficient
			if (m_bAdmin)
			{
				ECSKey = HKLM.CreateSubKey(@"Software\ECS");
				m_baseKey = ECSKey.CreateSubKey("ConnectionStrings");
			}
			else
			{
				ECSKey = HKLM.OpenSubKey(@"Software\ECS");
				if (ECSKey == null)
					throw new Exception(@"HKLM\Software\ECS key not set in server Registry");
				m_baseKey = ECSKey.OpenSubKey("ConnectionStrings");
				if (m_baseKey == null)
					throw new Exception(@"HKLM\Software\ECS\ConnectionStrings "
						+ "key not set in server Registry");
			}
			if (m_baseKey == null)
				throw new Exception("Cannot open registry. Check keys and permissions.");
		}

		// retrieve connection string of an environment
		public string GetConnectionString(string environment)
		{
			if (environment == null)
				throw new Exception("Environment cannot be null");
			if (environment.Length == 0) return ""; // ignore the DEFAULT value
			byte[] encryptedConnString = (byte[])m_baseKey.GetValue(environment);
			return Cypher.Decrypt(Keyword.GetKeyWord(), encryptedConnString);
		}

		// set a connection string for an environment
		public void SetConnectionString(string environment, string connstr)
		{
			if (environment == null || environment.Length == 0 ||
				connstr == null || connstr.Length == 0)
				throw new Exception("Environment or Connection string cannot be empty");

			byte[] encryptedConnString = Cypher.Encrypt(Keyword.GetKeyWord(), connstr);
			m_baseKey.SetValue(environment, encryptedConnString);
		}

		// remove a connection string from the registry
		public void DeleteConnectionString(string environment)
		{
			m_baseKey.DeleteValue(environment, true);
		}

		// Gets the list of all connection strings for different environments
		// Method available only for admin access
		// The admin access is already enforced by checking if the user has
		//    write permissions on the registry key in Connect()
		public Hashtable GetAllConnectionStrings()
		{
			if (! m_bAdmin)
				throw new Exception("Not an administrator.");
			if (m_baseKey == null)
				throw new Exception("Call Connect() before calling this function.");
			string[] envs = m_baseKey.GetValueNames();
			Hashtable values = new Hashtable();
			for (int i=0; i<envs.Length; i++)
			{
				values.Add(envs[i], GetConnectionString(envs[i]));
			}
			return values;
		}
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Sriram Chitturi
Architect
United States United States
No Biography provided

| Advertise | Privacy | Mobile
Web01 | 2.8.140916.1 | Last Updated 30 Nov 2003
Article Copyright 2003 by Sriram Chitturi
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid