In App.config, encrypt the password.

ado.net c# entity-framework

Question

I want to encrypt the connection string's password. The connection string that is kept in App.config when I establish a connection to a database is visible, thus I need to figure out how to keep just the password protected.

1
26
4/2/2011 11:31:06 AM

Accepted Answer

Suppose the following is your connection string:

<connectionStrings>
    <add name="cs" connectionString="Data Source=myServerAddress;Initial Catalog=myDataBase;User Id=myUsername;Password=XXSDFASFDKSFJDKLJFDWERIODFSDFHSDJHKJNFJKSD;"/>
</connectionStrings>

Then, you may do the following action:

string myCs = System.Configuration.ConfigurationManager.ConnectionStrings["cs"].ConnectionString;

System.Data.SqlClient.SqlConnectionStringBuilder csb = new System.Data.SqlClient.SqlConnectionStringBuilder(myCs);
csb.Password = EncDecHelper.Decrypt(csb.Password);
myCs = csb.ToString();

You're a writer.EncDecHelper.Decrypt using the following samples: Unlock and unlock a string

22
5/23/2017 11:54:38 AM

Popular Answer

Use the connectionStrings configuration section instead of only the password, and encrypt the whole area.

This makes your app configuration safer since the server names and user names will no longer be in plain text.

For RSA or DPAPI, there are how-to guides for encrypting configuration portions on MSDN.



Related Questions





Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow