Encryption of projects in Web. config in ASP. NET 2.0

ASP. NET 2.0 brings us a lot of security improvements, making our web applications more and more secure. In the ASP. NET project, most of our database connection strings are written in the web. config file, and the database user password is at a glance, which is obviously insecure. We may have written some encryption and decryption algorithms to encrypt the data. Now, in ASP. NET 2.0, the system provides us with such a function.

<Connectionstrings>
<Add name = "pubs" connectionstring = "Server = localhost; Integrated Security = true; database = pubs"
Providername = "system. Data. sqlclient"/>
<Add name = "northwind" connectionstring = "Server = localhost; Integrated Security = true; database = northwind"
Providername = "system. Data. sqlclient"/>
</Connectionstrings>

If we have the permission to operate the web server, we can directly use the command line without coding encryption.

Aspnet_regiis-pe "connectionstrings"-app "/sampleapplication"

If we cannot operate the web server, we have to use the code method.

Configuration Config = configuration. getwebconfiguration (request. applicationpath );
Configurationsection section = config. Sections ["connectionstrings"];
Section. protectsection ("dataprotectionconfigurationprovider ");
Config. Update ();

After encryption, we can see

<Connectionstrings>
<Encrypteddata>
<Cipherdata>
<Ciphervalue> aqaaancmndjhoaw... </ciphervalue>
</Cipherdata>
</Encrypteddata>
</Connectionstrings>