Wednesday, January 6, 2010

How to Encrypt or Decrypt Connection Strings in ASP .Net 3.5


We can encrypt the section of a web configuration file (web.config).

After the Encryption of Connection Strings is done, you will notice a change in web.config file, that the contents of the section are no longer visible.

However, an ASP.NET page can continue to read the values of the Corresponding Database (For e.g. GuestBook connections string by using the <%$ ConnectionStrings:GuestBook %> expression.

The easiest way to encrypt the section is to use the aspnet_regiis
command-line tool. This tool is located in the following folder:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\

Executing the following command encrypts the section of a
Web.Config file located in a folder with the path c:\Websites\myGuestBook

aspnet_regiis -pef connectionStrings “c:\Websites\ myGuestBook”

The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section
located at a particular path.

You can decrypt a section with the -pdf option like this:

aspnet_regiis -pdf connectionStrings “c:\Websites\myGuestBook”


No comments: