Menu
I want to encrypt my "ConnectionString" settings which is located in app.config.
But at the Runtime, I want to use( read ConnectionString ) it directly, without decrypt it.
I mean, I don't want to anyone to decrypt the string. There should be NO decryption method. I'm thinking; it should be like embed .net/asp.net/iis feature to use. Like "Windows Login" ( you can enter it, use it, but you can't decrypt )
===
An Example Usage; You have small website with some critical data. You have no money to buy private server, so you are working on shared server, if the server hacked somehow, you application and database will be stolen. But if you put encrypted connectionstring in app.config, This will be hard to decrpt it and see what is inside in Database.
534
Encrypting and decrypting configuration settings in a config file can be done from the command line using the aspnet_regiis.exe tool.
The details are described in the following MSDN article:
Encrypting and Decrypting Configuration Sections
As the tool is mainly intended to be used with Web applications, it expects the config file to be named 'web.config'. This means that you temporarily will have to rename your app.config file to web.config:
rename App.config web.config aspnet_regiis -pef connectionStrings . -prov DataProtectionConfigurationProvider rename web.config App.config
50
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
