Implement encrypted database connection strings in ASP. NET

Source: Internet
Author: User
Tags connectionstrings

UsuallyConnection stringPut it in the web. config file, because APIs can directly access and retrieve data, but there are also some security problems, the database connection string is in the. config file in plaintext .. NET has a tool such as ASP. net iis registration tool (Aspnet_regiis.exe), which can encrypt the section of the site's. config file.

Encryption: Aspnet_regiis-VF "configuration section name in encrypted web. config" "directory of the web. config file"
Decryption: Aspnet_regiis-pdf "configuration section name in encrypted web. config" "directory of the web. config file"

Before Encryption:
<Add name = "pubsConnectionString" connectionString = "Data Source = MHL/SQL2000; Initial Catalog = pubs; User ID = sa; Password = sql2000"
ProviderName = "System. Data. SqlClient"/>

After Encryption:
<ConnectionStrings configProtectionProvider = "RsaProtectedConfigurationProvider">
<EncryptedData Type = ""
Xmlns = "">
<Encryptionmethod algorithm = ""/>
<Keyinfo xmlns = "">
<Encryptedkey xmlns = "">
<Encryptionmethod algorithm = ""/>
<Keyinfo xmlns = "">
<Keyname> RSA key </keyname>
<CipherValue> e15rhABrAtua53kjZ2a3U + ijC/weight + yFMiuWM + weight + S/qdj8E = </CipherValue>
<CipherValue> Principal + Principal/Principal + Ee9QwS8ahvOvRwUY7kWMr + M + jKoS + FDbhuRIkcbWaPP75XzdmyBN/principal </CipherValue>


There is no test yet. Please write it down first.

Find some more


Encryption and decryption of database connection strings in ASP. NET web. config.
Although not very fresh, I believe there are still many people who don't know, well, don't talk nonsense, just give the method: Start ---> Run, Enter cmd, and then enter the following content


C:/WINDOWS/Microsoft. NET/Framework/v2.0.50727/aspnet_regiis.exe-Arg "connectionStrings" "Your Web project path"


C:/WINDOWS/Microsoft. NET/Framework/v2.0.50727/aspnet_regiis.exe-pdf "connectionStrings" "Your Web project path"

. NET is the version path, and the name of the connectionStrings connection string is modified by yourself.

Note that a local key is used in the encryption process, which means that the decryption process must be completed on the same computer. If the encrypted Web. config file is moved to another computer, the connection string in the Web. config file cannot be decrypted normally.
Certificate -----------------------------------------------------------------------------------------------------------------------------------------
Asp.net2.0implements simple encryption, that is, using the aspnet_iis.exe command. The command location is as follows:
C:/WINDOWS/Microsoft. NET/Framework/v2.0.50727
Note: The specific situation varies depending on the system location and version number.

In command mode, enter the directory to run. The complete command is:
Aspnet_iis-VF "connectionStrings" "Web. cofing absolute path (Note: you do not need to enter web. config )"

If it is normal, the message "succeeded" is displayed. When Web. config is enabled, the string is encrypted.

The decryption command is:
Aspnet_iis-pdf "connectionStrings" "Web. cofing absolute path (Note: you do not need to enter web. config )"

Note that encryption and decryption must be completed on one machine.


The following shows how to encrypt the database connection string through Code. The Code is as follows:


Configuration config = WebConfigurationManager. OpenWebConfiguration (Request. ApplicationPath );

ConfigurationSection configSection = config. GetSection ("connectionStrings ");

If (configSection. SectionInformation. IsProtected)

... {// If it has been encrypted, no further encryption is required.

ConfigSection. SectionInformation. UnprotectSection ();

Config. Save ();





ConfigSection. SectionInformation. ProtectSection ("DataProtectionConfigurationProvider ");

Config. Save ();


Article Source:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.