Geek Answers Handbook

How to encrypt connection string in app.config?

What is the best way to encrypt connstring in app.config?

  • use cryptography for encryption and decryption, or
  • use %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" "C:\documents and settings\bob\projects\myproject" , as recommended in Protect App.Config or Encrypt .

Care:
1) If I use Crytography, everything works fine. Except that the code below will always be called every time you run using (leDataContext db = new leDataContext()) , which makes me feel like it will slow down the system.

 public partial class leDataContext { public leDataContext() : base("") // : base(ConfigurationManager.ConnectionStrings["leConnString"].ToString()) { string decrypted = Cryptography.Decrypt(ConfigurationManager.ConnectionStrings["leConnString"].ToString()); base.Connection.ConnectionString = decrypted; } }

2) If I use method 2, this sounds good, as it will automatically perform encryption. However, should these encrypted <CipherValue>rUmEA8h02uMZ5M4uEVtL+5M/UvPuyJ4UJz5d/P...</CipherValue> in my app.conf when I publish them using ClickOnce?

Precisely because method 2 can only be executed on the client machine. So I have to execute method 2 on the client computer and then copy this encrypted code to a file and every time I want to publish using clickOnce, manually copy it back to App.config before publishing so that the client updates the connstring right?

Cryptography code:

  internal static string Encrypt(string sender, string key) { string text1; if (sender == null) sender = ""; byte[] buffer4 = new byte[0]; byte[] buffer1 = buffer4; byte[] buffer2 = new byte[] { 110, 120, 130, 140, 150, 160, 170, 180 }; try { buffer1 = Encoding.UTF8.GetBytes(key.Substring(0, 8)); DESCryptoServiceProvider provider1 = new DESCryptoServiceProvider(); byte[] buffer3 = Encoding.UTF8.GetBytes(sender); MemoryStream stream1 = new MemoryStream(); CryptoStream stream2 = new CryptoStream(stream1, provider1.CreateEncryptor(buffer1, buffer2), CryptoStreamMode.Write); stream2.Write(buffer3, 0, buffer3.Length); stream2.FlushFinalBlock(); text1 = Convert.ToBase64String(stream1.ToArray()); } catch (Exception ex) { text1 = string.Empty; } return text1; }

Could you please consult?

+2
c # encryption
source share
1 answer

If you are worried that the decryption code is being called all the time, you can save it (either against HttpContext.Items / Cache, if you are worried about several calls on the same page or static, you're worried about this for all requests).

If you are going to put it in a static one (note: this means that the decrypted value is stored in memory, which can be a problem, depending on why you are encrypting it), I would recommend using a static constructor to decrypt it to provide code execution only once and cannot have simultaneous problems:

 public partial class leDataContext { private static DecryptedConnectionString; static leDataContext() { // This code is guaranteed to run only once, by the framework, before any calls to the instance constructor below. DecryptedConnectionString = Cryptography.Decrypt(ConfigurationManager.ConnectionStrings["leConnString"].ToString()); } public leDataContext() : base("") { base.Connection.ConnectionString = DecryptedConnectionString; } }

There is also built-in material for encrypting connection strings, which may be the best choice:

Encrypting configuration file sections using secure configuration

ASP.NET 2.0 provides a new feature called secure configuration that encrypts sensitive information in the configuration file. Although mainly for ASP.NET, a secure configuration can also be used to encrypt the configuration of file partitions in Windows applications. For a detailed description of the new secure configurations, see Encrypting configuration information using a secure configuration .

+3
source share

More articles:


All Articles