Use encrypted database connection strings in asp.net to ensure data security and asp.net Data Security

Source: Internet
Author: User
Tags asp net

Use encrypted database connection strings in asp.net to ensure data security and asp.net Data Security

When we publish a website, encrypt web. config to effectively ensure the security of database users and passwords. The steps are as follows:

1. Add a key

Run: C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ aspnet_regiis-pc "hnlaw"-exp

"Hnlaw" is the key name.

2. Add a web. config Node

Add:

<configProtectedData> <providers> <add keyContainerName="hnlaw" useMachineContainer="true" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" name="hnlaw" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </configProtectedData>

Note: Here keyContainerName = "hnlaw" and name = "hnlaw" respectively indicate your key name;

3. encrypt web. config

Add a batch file enweb. bat to the root directory of the website. The content is as follows:

Copy codeThe Code is as follows:
@ Echo off

C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ aspnet_regiis-Arg "system. web/identity" "E: \ HS Studio \ Donet2 \ Hnlawyer"-prov

"Hnlaw"

C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ aspnet_regiis-Arg "connectionStrings" "E: \ HS Studio \ Donet2 \ Hnlawyer"-prov

"Hnlaw"

PAUSE
Register the above path and name!

It appears successfully after running!

4. decryption

Add a batch file deweb. bat to the root directory of the website. The content is as follows:

Copy codeThe Code is as follows:
@ Echo off

C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ aspnet_regiis-Arg "system. web/identity" "E: \ HS Studio \ Donet2 \ Hnlawyer"

C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ aspnet_regiis-pdf "connectionStrings" "E: \ HS Studio \ Donet2 \ Hnlawyer"

PAUSE

Finally, you should note that after you finish the process, find the C: \ Documents ents and Settings \ All Users \ Application Data \ Microsoft \ Crypto \ RSA \ MachineKeys directory and find the generated

The key file (which can be searched by Time) can be read by The network service. Otherwise, an Error message from the provider: The RSA key container cocould will appear.

Not be opened.

Unable to read

This may happen. If you do not have your own server and you do not have the permission to modify the MachineKeys directory, you do not know any other solutions. I hope you can share them with us :)


Asp net encrypted database access string Problems

Common form of encrypting the web. config file of a specific website:
Aspnet_regiis.exe-Arg section physical_directory-prov provider

Section: configuration section to be encrypted
Physical_directory: Specifies the physical path of the site.
Provider: encryption provider

---------------------------------------------------------
How to encrypt the connection string of a specific site:
Aspnet_regiis.exe-Wordpress connectionStrings "your Web project path"-prov "DataProtectionConfigurationProvider"

ConnectionString: the name of the connection string.

----------------------------------------------------------

How to decrypt the connection string of a specific site:
Aspnet_regiis.exe-pdf "connectionString" "Your Web project path"

ConnectionString: the name of the connection string.

I often use this method. Let's take a look.

How to encrypt and decrypt database connection strings?

I want to encrypt the database connection string in the WEB. CONFIG file? ASP. NET, the old version of encrypted connection string in web. config, saves the connection string directly on the ASPX page. Recall that the connection string contains the data server name and
User Account and other information, sometimes even including passwords. It is a bad habit to include the above information in the Code for two reasons. First, this information can be viewed by every programmer in the design team (
Site visitors cannot see it in the browser ). Second, maintenance and updates are required for each location on the entire Web site that has the connection. Updating the password has become a heavy task.
ASP. NET 2.0 provides an option to move the connection string to the connection area of the Web. config file, give the string a name, and encrypt it. Then ASP. NET
The 2.0 page uses this name to reference the connection string. It is not complicated to save the connection string to Web. config. Open the Web. config file in the root directory of the site. Find
To the defined area (you can add it if it does not exist) and enter the following code in the tag. This tag has three attributes: name,
ConnectionString and providerName. The property name is the common name of the connection string that will be used on the page.
The connectionString attribute should be set as the complete connection string to connect to the database, as described above. E.g. schemas.microsoft.com/.NetConfiguration/v2.0 ">

You can use commands to encrypt the connection string area of the Web. config file. When the ASPX page requests a connection string, ASP. NET automatically decrypts the information. Encryption required
Run the following command line. Click Start/Run/cmd and switch to C: \ WINDOWS \ Microsoft.net \ Framework \
V2.0.xxxx, where xxxx is your software version. If C: \ Websites \ BegAspNet2Db is the site root directory, enter the following command line:
Aspnet_regiis-Arg connectionStrings C: \ Websites \ BegAspNet2Db
The command line tool that encrypts the connection string can also use the Virtual Path Language
Method (path in the IIS metadatabase) without specifying the fully qualified path of the Web. config file, as shown below: aspnet_regiis-pe
ConnectionStrings-app/BegAspNet2Db
Once the encryption process is completed, you can open the Web. config file, but the connection string has been obfuscated. When ASP. NET is required, the connection string can be automatically decrypted, or
For example, you can manually enter the following code to decrypt the password. Aspnet_regiis-pdf connectionStrings
C: \ Websites \ BegAspNet2Db. By default, the encryption process uses an encryption algorithm
The Machine Key of the row. The decryption process (whether manual or page processing) must occur on the same machine as the encryption. For example, as part of XCOPY deployment, move Web. config
Another machine will cause the Web. config to fail to be decrypted. Therefore, we recommend that you deploy the Web site to the full text of ......>
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.