Protecting Connection Strings in Asp.net & C#
Before
<connectionStrings>
<add name="NORTHWNDConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\NORTHWND.MDF;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
1 .go to run
2. open CMD
3. go to C:\Windows\Microsoft.NET\Framework\v2.0.50727
step 4.
aspnet_regiis.exe -pef "connectionStrings" "C:\Websites\MyExample" -prov "DataProtectionConfigurationProvider"
after
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider" >
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sB6uV62iLDrdr17KLgYixwPjiIjt/brdfndYbp7OHUtrgzA==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
SqlConnection con = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["NORTHWNDConnectionString"].ConnectionString);
con.Open();
SqlCommand cmd = new SqlCommand("select * from Employees", con);
SqlDataAdapter objdataadapter = new SqlDataAdapter(cmd);
DataTable objDt = new DataTable();
objdataadapter.Fill(objDt);
In short, we do not need to add any extra code or logic to decrypt the encrypted
The .NET Framework ships with two protected configuration providers:
RSAProtectedConfigurationProvider- uses the asymmetric RSA algorithm for encryption and decryption.DPAPIProtectedConfigurationProvider- uses the Windows Data Protection API (DPAPI) for encryption and decryption.
Before
<connectionStrings>
<add name="NORTHWNDConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\NORTHWND.MDF;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
1 .go to run
2. open CMD
3. go to C:\Windows\Microsoft.NET\Framework\v2.0.50727
step 4.
aspnet_regiis.exe -pef "connectionStrings" "C:\Websites\MyExample" -prov "DataProtectionConfigurationProvider"
after
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider" >
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sB6uV62iLDrdr17KLgYixwPjiIjt/brdfndYbp7OHUtrgzA==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
SqlConnection con = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["NORTHWNDConnectionString"].ConnectionString);
con.Open();
SqlCommand cmd = new SqlCommand("select * from Employees", con);
SqlDataAdapter objdataadapter = new SqlDataAdapter(cmd);
DataTable objDt = new DataTable();
objdataadapter.Fill(objDt);
In short, we do not need to add any extra code or logic to decrypt the encrypted
<connectionString> section
No comments:
Post a Comment