How to encrypt and decrypt a web.config

In the Web site development process, if we encapsulate the database connection string into the. DLL file, you will have trouble migrating the database and the program, because if the server address or database changes, then we have to modify the source program and recompile it. A better solution is to write the database connection string to the Web.config configuration file. The problem is that when you write a connection string to a Web.config file, anyone can open the database name and password that you are connected to, and it poses a security risk, so in order to secure the database, we can use the Microsoft ID E with the command aspnet_regiis.exe to encrypt the label specified in the profile web.config, and if you want to view the encrypted connection string later, we can also use Aspnet_regiis.exe to decrypt the encrypted string.

1. Cryptographic General Syntax
Encrypt the general form of a Web.config file for a particular Web site
ASPNET_REGIIS.EXE-PEF secion Physical_directory-prov Provider
Or
Aspnet_regiis.exe-pe Secion-app Virtual_directory-prov Provider
Among them, the meaning of each parameter is as follows:
The section represents the configuration sections to be encrypted physical_directory is used to specify the physical path of the site.      Virtual_directory the user to specify the virtual path. Provider specifies an encryption provider.

The connection string that encrypts a particular site is:
Aspnet_regiis.exe-pef "connectionstrings" "Your Web Project path"-prov "DataProtectionConfigurationProvider"
Where Dataproctionconfiguartionprovider is the Windows Data Protection API (DPAPI) provider that uses the built-in cryptography technology in Windows to decrypt the configuration section. By default, this provider uses the local key.

2. Encryption Method

Run the Visual Studio 2008 command Prompt

Results after encryption
<connectionstrings configprotectionprovider= "DataProtectionConfigurationProvider" > <EncryptedData> <CipherData> <ciphervalue>aqaaancmnd8bfderjhoawe/cl+sbaaaay1wyvzomb0walqyo+ ogiigqaaaacaaaaaaadzgaaqaaaabaaaadbdjp+bace//lsg/so66+8aaaaaasaaacgaaaaeaaaanlf3b73kdupv/ caf4a9npuwaqaaotvrhdajnjajfefig7pd6sg8gmnjkgpnd4jlchu7w9xhoupgg4c/ld9h9wq9uf3t/0momi9tbrwdfj1yu5/ e3pav4rcbcvdlpd0vc7hxtdmqfrjq+1ohtdk2woisnpx0tzxwze25o4vlxq/ayri1wmlo2zyrqskg0hqfqbobcf7lrgweujsv+ peos5ovxcgnhfipvmy5iq8sh5fnhmgg8gu5jlzqaoqyfg8ci7mgoebcqzr67krjxrbrs26lztaj8lzf2bk+ qcsqtu7rt4c33jblqispl9xhfoul9gvgtu5vs1s1h5vterteyxxnl7ptir3cnjibdmji48ljfoogtymt35kudk3j0dxb68dqpaek5qsec/l0+ 6bizstrz7bdnongv/xfivjnbsnyxx5ishqaaacugn8qguuq4tozkkcc891sv/cvdq==</ciphervalue> </CipherData> < /encrypteddata> </connectionStrings>
3. Decryption
Decrypting the connection string is also simple
Aspnet_regiis.exe-pdf "connectionstrings" ' your Web project path '

Results after decryption:
<connectionStrings> <add name= "Sql" connectionstring= "Data source=.;i Nitial catalog=myschool;integrated security=true "/> </connectionStrings>

4. Background code reads the database connection string in the configuration file Web.config:
Using System.configuation; ... protected void Page_Load (object sender, EventArgs e) {lblmessage.text = configurationmanager.connectionstrings["SQL"] . ToString (); } ...
Run Effect chart:

5. In the connection string encryption and decryption process, need to pay attention to a few points.
Using an encrypted connection string

Using an encrypted connection string does not require encoding decryption, ASP. NET will automatically decrypt the encrypted content.
Encryption and decryption are used on the same machine

A native-based key was used during the encryption process. This means that encryption and decryption must be done on the same computer, or they will not be decrypted. Also, a configuration that is encrypted on one computer will not work on another computer.
Chinese path problem

This command is not very good for Chinese support. If you have a Chinese character in the path of your site, you may not be able to decrypt it normally.