Encrypt only passwords in web.config ASP.NET

Question

Encrypt only passwords in web.config ASP.NET

How can I encrypt only passwords in the web.config file?

<add name="PSystem" connectionString="Server=test;Database=Dev;User ID=testuser;Password=password@123;Trusted_Connection=False;Encrypt=True;" providerName="System.Data.SqlClient" />

+3

asp.net web-config encryption

Chaitany ram Apr 24 '12 at 4:22

source share

3 answers

Ulises · Answer 1 · 2012-04-24T04:28:35+0000

I believe that built-in encryption mechanisms work throughout the connectionString section:

See this site for more details.

If you want to encrypt passwords in memory that can be entered by the user through the login form, you can use SecureString

Oscar Rivera · Answer 2 · 2013-03-06T21:51:52+0000

you can try using flags in the connection string as follows:

<add name="PSystem" 
 connectionString="Server=test;
                   Database=Dev;
                   User ID=@UserID@;
                   Password=#Password#;
                   Trusted_Connection=False;
                   Encrypt=True;" 
  providerName="System.Data.SqlClient" />

then you can encrypt the user and password as follows:

<add key="DB_User" value = [Encrypted Username]>
<add key="DB_Password" value = [Encrypted Password]>

Then in the code, you simply replace the flags:

string _connectionString = ConfigurationManager.ConnectionStrings["PSystem"].ConnectionString;

string user = Decrypt(ConfigurationManager.AppSettings["DB_User"]);
string password = Decrypt(ConfigurationManager.AppSettings["DB_Password"]);

_connectionString = _connectionString.Replace("##User##", user).Replace("##Password##", password);

Francisco goldenstein · Answer 3 · 2013-12-05T02:49:21+0000

, Aspnet_regiis.exe -pe , .
aspnet_regiis -pe "connectionStrings" -app "/ SampleApplication" -prov "RsaProtectedConfigurationProvider"

Source: http://msdn.microsoft.com/en-us/library/zhhddkxy(v=vs.100).aspx

Encrypt only passwords in web.config ASP.NET

More articles: