Implement encrypted database connection strings in ASP. NET

UsuallyConnection stringPut it in the web. config file, because APIs can directly access and retrieve data, but there are also some security problems, the database connection string is in the. config file in plaintext .. NET has a tool such as ASP. net iis registration tool (Aspnet_regiis.exe), which can encrypt the section of the site's. config file.

Method:
Encryption: Aspnet_regiis-VF "configuration section name in encrypted web. config" "directory of the web. config file"
Decryption: Aspnet_regiis-pdf "configuration section name in encrypted web. config" "directory of the web. config file"

Before Encryption:
<ConnectionStrings>
<Add name = "pubsConnectionString" connectionString = "Data Source = MHL/SQL2000; Initial Catalog = pubs; User ID = sa; Password = sql2000"
ProviderName = "System. Data. SqlClient"/>
</ConnectionStrings>

After Encryption:
<ConnectionStrings configProtectionProvider = "RsaProtectedConfigurationProvider">
<EncryptedData Type = "http://www.w3.org/2001/04/xmlenc#Element"
Xmlns = "http://www.w3.org/2001/04/xmlenc#">
<Encryptionmethod algorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<Keyinfo xmlns = "http://www.w3.org/2000/09/xmldsig#">
<Encryptedkey xmlns = "http://www.w3.org/2001/04/xmlenc#">
<Encryptionmethod algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<Keyinfo xmlns = "http://www.w3.org/2000/09/xmldsig#">
<Keyname> RSA key </keyname>
</Keyinfo>
<Cipherdata>
<CipherValue> e15rhABrAtua53kjZ2a3U + ijC/weight + yFMiuWM + weight + S/qdj8E = </CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue> Principal + Principal/Principal + Ee9QwS8ahvOvRwUY7kWMr + M + jKoS + FDbhuRIkcbWaPP75XzdmyBN/principal </CipherValue>
</CipherData>
</EncryptedData>
</ConnectionStrings>

---------------------------

There is no test yet. Please write it down first.

Find some more

------------------------------

Encryption and decryption of database connection strings in ASP. NET web. config.
Although not very fresh, I believe there are still many people who don't know, well, don't talk nonsense, just give the method: Start ---> Run, Enter cmd, and then enter the following content

Encryption:

C:/WINDOWS/Microsoft. NET/Framework/v2.0.50727/aspnet_regiis.exe-Arg "connectionStrings" "Your Web project path"

Decryption:

C:/WINDOWS/Microsoft. NET/Framework/v2.0.50727/aspnet_regiis.exe-pdf "connectionStrings" "Your Web project path"

. NET is the version path, and the name of the connectionStrings connection string is modified by yourself.

Note that a local key is used in the encryption process, which means that the decryption process must be completed on the same computer. If the encrypted Web. config file is moved to another computer, the connection string in the Web. config file cannot be decrypted normally.
Certificate -----------------------------------------------------------------------------------------------------------------------------------------
Asp.net2.0implements simple encryption, that is, using the aspnet_iis.exe command. The command location is as follows:
C:/WINDOWS/Microsoft. NET/Framework/v2.0.50727
Note: The specific situation varies depending on the system location and version number.

In command mode, enter the directory to run. The complete command is:
Aspnet_iis-VF "connectionStrings" "Web. cofing absolute path (Note: you do not need to enter web. config )"

If it is normal, the message "succeeded" is displayed. When Web. config is enabled, the string is encrypted.

The decryption command is:
Aspnet_iis-pdf "connectionStrings" "Web. cofing absolute path (Note: you do not need to enter web. config )"

Note that encryption and decryption must be completed on one machine.

-----------------------------

The following shows how to encrypt the database connection string through Code. The Code is as follows:

 

Configuration config = WebConfigurationManager. OpenWebConfiguration (Request. ApplicationPath );

ConfigurationSection configSection = config. GetSection ("connectionStrings ");

If (configSection. SectionInformation. IsProtected)

... {// If it has been encrypted, no further encryption is required.

ConfigSection. SectionInformation. UnprotectSection ();

Config. Save ();

 

}

Else

...{

ConfigSection. SectionInformation. ProtectSection ("DataProtectionConfigurationProvider ");

Config. Save ();

}

Article Source: http://www.diybl.com/course/4_webprogram/asp.net/netjs/200838/103593.html