I want to encrypt the password in connection string. When I make a connection to DB the connection string is openly stored in App.config and I need to find a way to keep only password encrypted.
Lets say this is your connection string:
<connectionStrings> <add name="cs" connectionString="Data Source=myServerAddress;Initial Catalog=myDataBase;User Id=myUsername;Password=XXSDFASFDKSFJDKLJFDWERIODFSDFHSDJHKJNFJKSD;"/> </connectionStrings>
Then you can do something like this:
string myCs = System.Configuration.ConfigurationManager.ConnectionStrings["cs"].ConnectionString; System.Data.SqlClient.SqlConnectionStringBuilder csb = new System.Data.SqlClient.SqlConnectionStringBuilder(myCs); csb.Password = EncDecHelper.Decrypt(csb.Password); myCs = csb.ToString();
You can write
EncDecHelper.Decrypt by using samples from here: Encrypt and decrypt a string
connectionStrings configuration section and encrypt the whole section - instead of just the password.
This is safer as your app config will no longer have the server names and user names in plain text either.