Asp.net- Encrypt and Decrypt connection strings in web.config file

In this article I will explain how to encrypt or decrypt connectionStrings in web.config file using asp.net.
If we are using applications in our internal servers with security then it’s ok if we deploy our applications in shared host environment then we have chance to arise security problems to avoid these problems asp.net 2.0 provided built in protected configuration model functionality to encrypt or decrypt few sections of web.config file those are

RSAProtectedConfigurationProvider: This is default provider and uses the RSA public key encryption algorithm to encrypt and decrypt data.

DataProtectionConfgurationProvider: This provider uses windows data protection application programming interface to encrypt and decrypt the data.

The encrypting and decrypting of connection strings in web.config file will do by usingaspnet_regiis.exe command line tool and code behind.

First Method:

First we will do encryption and decryption using aspnet_regiis.exe command line tool in file system website

To implement encryption and decryption first create one new website using visual studio. 

After that open web.config file in application and add sample db connection in connectionStringssection like this 

<connectionStrings>
<add name="dbconnection" connectionString="Data Source=SureshDasari;Integrated Security=true;Initial Catalog=MySampleDB"/>
</connectionStrings >
After add dbconnection in connectionString check the below steps to encrypt or decrypt the connection string in web.config.

1.     1) Go to Start >> All Programs >> Microsoft visual studio 2008 >> Visual Studio Tools >> Visual Studio 2008 Command Prompt (Note: if you’re using windows 7 right click on command prompt and select Run as administrator)


2.     2) After open command prompt type the following command aspnet_regiis.exe -pef "connectionStrings" "C:\VisualStudio2008\Authorization"

Here –pef indicates that the application is built as File System website. Second argumentconnectionStrings indicates that name of the configuration section needs to be encrypted. The Third argument is the physical path of the folder where the web.config file is located.

3.     3) After enter the command click enter if everything goes well we will get success message like “Encrypting configuration section… Succeeded!


Now open your application and check connectionStrings in web.config file that would be like this

<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>ZNUbIEnOwlZzC8qbzHj5F2GS9gLYSkWCIgCJGkrgZAX8A+8oEIssyohhxUKvAubD3jizFc5IjbLGt7HNXhoFhXNTUPYz2y6tdKJDVgDmtCgVf8Z2C990zoMRBJG+VXhmgnlo1vtHYhGx8x/bBzE1prT1+xDpep98vHF22d+LrVI=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>tODWlPD0Q/B/mP14GQ/5tUxcjmhHcy9a0oPunV5osNrMQRztgi2h5V6sxJOEh+NC+G9gQNkv1huXf1s7eoZRRLy5/LDtLXzzqMUOqLSlJUs9igChvi33c9XG4rwGF15Tpn4N34bpQBt94n0rpSkQ18V9HCPzii+UO64PlA+ykDeQhc9aQr4gO3mCfUzmY2S9gsXzRbzdq0oCWBDvx8UkX2uDxaysVHC9Fo7u6IrlpU0+hOdK95Y3/A==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
Here we don’t want to write any code to decrypt the encrypted connectionString in our application because .NET automatically decrypts it. If we want to use the connection string just call it like normal way

string strconnection = ConfigurationManager.AppSettings["dbconnection"].ToString();
Now if we want to decrypt connectionStrings section in web.config use the following commandaspnet_regiis.exe -pdf "connectionStrings" "C:\VisualStudio2008\Authorization"

After command execute we will get message like “Decrypting configuration section… Succeeded!

Now check your connctionStrings section in your web.config file you will see decrypted connection string.

Till now we learned how to encrypt and decrypt connectionStrings section in File system website. If I want to encrypt connection string in IIS based site like i.e. Deployed website for that we need to use the following commands

Encrypt connectionStrings in web.config of IIS based site

aspnet_regiis.exe -pe "connectionStrings" -app "/SampleWebSite"

Here –pe indicates that the application is built as IIS based site. Second argument connectionStringsis the name of configuration section needs to be encrypted. The Third argument -app indicates virtual directory and last argument is the name of virtual directory where application is deployed.

Decrypt connectionStrings in web.config of IIS based site

aspnet_regiis.exe -pd "connectionStrings" -app "/SampleWebSite"

Till now we learned how to encrypt and decrypt connectionStrings section in web.config file using aspnet_regiis.exe command line tool now I will explain code behind method to encrypt and decrypt the connection string section in web.config.

Second MethodIn second method I will use RSAProtectedConfigurationProvider and DataProtectionConfgurationProvider to encrypt and decrypt connectionStrings in web.config using asp.net.

First open Default.aspx page and write the following code

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button id="btnEncrypt" runat="server" Text="Encrypt" onclick="btnEncrypt_Click" />
<asp:Button ID="btnDecrypt" runat="server" Text="Decrypt" onclick="btnDecrypt_Click" />
</div>
</form>
</body>
</html>

Comments

Post a Comment

Popular posts from this blog

CRM Automate build Solution using Powershell commands

In CRM if there is any solution movement from other enviornment like DEV,PROD,STG we use to export the solution and import the solution to the respective environment by logging into MS Dynamics CRM. This will tends to extra effort to do manually for developers or release managers. So what if release user or test user can build and deploy the Solution deployment without CRM intervention(CRM loggin in) We need to do some automate build and deployment. In this article i write about how Import/Export solution automate to the various environment without intervention of logging into MS Dynamics CRM. XRM CI Framework,this is one tool use to automate the build in CRM       Below link is for download the XRM CI Framework https://xrmciframework.codeplex.com/releases/view/125516 Download and extract the ZIP file . First HelloWorld example “WhoAmIRequest” 1.Open "Powershell" and "Run as a Administrator" 2.Navigate to Extrac
Read more

Access the fields on Quick View Form – Dynamics CRM 2015

Image
Quick view forms in Dynamics CRM 2013 allow you to display all the related entity information. Is there a way to retrieve the field value on Quick View Form using JavaScript without additional OData call to the associated entity? The answer is Yes and here is the sample of the form and JavaScript:   Here is the Following steps to get the value from the QuickView form     Sample Quick Form     Eg: We need to get the attribute value called AccountNumber from QuickForm Step 1: Open the Customization->Entity->Form     Step 2:  Double click the customer pane window to see the properties and note the quickformname,and related entity name.Click Edit.       Step 3:   Our goal is to get the attribute name of AccountNumber.   After Click Edit the following dialog box with Field Properties and note down the attribute name Code: below is the format //QuickFormname_QuickFormname_EntityName_AttributeName if(Xrm.Page.getControl('customerpane_q
Read more