Encrypt connectionStrings section of web.config
5.00/5 (1 vote)
Web.Config <add name="ConnString" connectionString="Data Source=.\SQLEXPRESS;
Web.Config
<configuration>
<connectionStrings>
<add name="ConnString" connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory|MyDatabase.mdf;Integrated Security=True;User Instance=True" />
</connectionStrings>
</configuration>
The easiest way to encrypt the <connectionStrings> section is to use the aspnet_regiis command-line tool.
This tool is located in the following folder:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
Executing the following command encrypts the <connectionStrings> section of a Web.Config file
located in a folder with the path c:\Websites\MyWebsite:
aspnet_regiis -pef connectionStrings "c:\Websites\MyWebsite"
The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section located at a particular path.
You can decrypt a section with the -pdf option like this:
aspnet_regiis -pdf connectionStrings "c:\Websites\MyWebsite"
ASP.NET page can read the value of the connection string by using the <%$ ConnectionStrings:ConnString %> expression