Thread: Connection string in web.config file

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Apr 2010
    Posts
    478

    Connection string in web.config file

    I stored the connection string in the web.config file, including the server name, user name and password.

    Also, I use the Publish method to compile ASP.NET apps to the web server.

    But the IT people said that the web.config file needs to be encrypted.

    Questions.

    1) How to encrypt web.config?

    2) Is there another way to store connection string?

  2. #2
    Frenzied Member PlausiblyDamp's Avatar
    Join Date
    Dec 2016
    Location
    Newport, UK
    Posts
    1,270

    Re: Connection string in web.config file

    https://docs.microsoft.com/en-us/pre...fkaw(v=vs.100)

    Found by typing "Encrypt web.config" into Google, funnily enough.

  3. #3
    PowerPoster kfcSmitty's Avatar
    Join Date
    May 2005
    Posts
    2,223

    Re: Connection string in web.config file

    If you're on a domain it also isn't uncommon to use Windows Authentication for the connection to the SQL server by setting integrated security to true. That way no credentials are stored in the web.config and the operations team has full control over the user running the app pool/making the connection to the database.

  4. #4
    Lively Member
    Join Date
    Jan 2020
    Posts
    100

    Re: Connection string in web.config file

    Hello, @aspfn

    Please try this code to put the connection string in the web.config file.

    Code:
    <connectionStrings>  
        <add name="yourconnectinstringName" connectionString="Data Source= DatabaseServerName; Integrated Security=true;Initial Catalog= YourDatabaseName; uid=YourUserName; Password=yourpassword; " providerName="System.Data.SqlClient" />   
    </connectionStrings>
    I hope this code will be useful for you.
    Thank You.

  5. #5
    .NUT jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    105,604

    Re: Connection string in web.config file

    You may like to check this out, which deals with Protected Configuration:

    http://www.vbforums.com/showthread.p...-Config-Files)

    I wrote that a while ago and it was aimed at Windows apps, but the tools are part of ASP.NET and the information relates to the link provided in post #2.

  6. #6
    .NUT jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    105,604

    Re: Connection string in web.config file

    Quote Originally Posted by Prahlad View Post
    Hello, @aspfn

    Please try this code to put the connection string in the web.config file.

    Code:
    <connectionStrings>  
        <add name="yourconnectinstringName" connectionString="Data Source= DatabaseServerName; Integrated Security=true;Initial Catalog= YourDatabaseName; uid=YourUserName; Password=yourpassword; " providerName="System.Data.SqlClient" />   
    </connectionStrings>
    I hope this code will be useful for you.
    Thank You.
    That does not answer the question asked. The OP already knows how to store a connection string in the config file. It's encrypting it to store it securely that is the issue.

  7. #7
    Lively Member
    Join Date
    Jan 2020
    Posts
    100

    Re: Connection string in web.config file

    The connection string property must be placed under the configuration tag in your web.config file. Here is mine.
    Code:
    <connectionStrings>  
       <add name="myConnection" connectionString="Data Source=SIBEESHVENU\SQLEXPRESS;Initial Catalog=ReportServer$SQLEXPRESS;Integrated Security=True" />  
    </connectionStrings>

    Now we will create a web page and in the page load event we will fetch this connection string and write it as a response.

    Code:
    using System;  
    using System.Collections.Generic;  
    using System.Linq;  
    using System.Web;  
    using System.Web.UI;  
    using System.Web.UI.WebControls;  
    namespace EncryptConnectionString  
    {  
        public partial class Default: System.Web.UI.Page  
        {  
            protected void Page_Load(object sender, EventArgs e)  
            {  
                if (!IsPostBack)  
                {  
                    try  
                    {  
                        string myCon = System.Configuration.ConfigurationManager.ConnectionStrings["myConnection"].ConnectionString;  
                        if (myCon != null)  
                        {  
                            Response.Write("My connection string is :" + myCon);  
                        }  
                    }  
                    catch (Exception)  
                    {  
                        throw;  
                    }  
                }  
            }  
        }  
    }
    Please run your page, you will see your connection string in your page.

    Connection string response

    Encrypt connection string

    To start the process, you must open your command window with admin privileges. Then type the following command.
    Code:
    cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
    This command will navigate you to the framework version folder given. Now right-click on your project, click Open Folder in File Explorer, and then copy the location. For me it is F:\Visual Studio\EncryptConnectionString\EncryptConnectionString. Now please go back to your command prompt and type the command as follows.
    Code:
    ASPNET_REGIIS -PEF "connectionStrings" "F:\Visual Studio\EncryptConnectionString\EncryptConnectionString"

  8. #8
    New Member
    Join Date
    Jul 2020
    Posts
    9

    Re: Connection string in web.config file

    Yes, you need to encrypt your connection strings inside your web.config, else your site will be at risk if anyone with bad intentions has access to it.
    If I am not mistaken, this can be done either from code-behind or from the command prompt using the aspnet_iis.exe utility.
    For the utility, you need to pass the -pef parameter for encryption and -pdf for decryption.
    A very good example I found was the one written by Nuelson. Check it: https://www.emmason247.com.ng/tutori...ion/VGWIGGDCDD
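
The code-behind route mentioned in posts #7 and #8, as an added example that is not part of any post in this thread: it encrypts the `connectionStrings` section of the running application's web.config with the built-in RSA Protected Configuration provider and then reads a connection string back. The class name `ConfigProtector` and its method names are hypothetical; it assumes the application pool identity has write access to web.config.

```csharp
using System.Configuration;
using System.Web.Configuration;

namespace EncryptConnectionString
{
    // Added example (hypothetical helper, not from the thread).
    public static class ConfigProtector
    {
        // Built-in provider registered in machine.config; it uses a
        // machine-level RSA key container on the server doing the encryption.
        private const string Provider = "RsaProtectedConfigurationProvider";

        // Encrypts <connectionStrings> in the web.config at appVirtualPath
        // (for example Request.ApplicationPath). Returns true if this call
        // encrypted the section, false if it was already protected.
        public static bool ProtectConnectionStrings(string appVirtualPath)
        {
            Configuration config = WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
            ConfigurationSection section = config.GetSection("connectionStrings");
            if (section == null)
                throw new ConfigurationErrorsException("connectionStrings section not found.");

            if (section.SectionInformation.IsProtected)
                return false; // already encrypted, nothing to do

            if (section.SectionInformation.IsLocked)
                throw new ConfigurationErrorsException("connectionStrings is locked by a parent configuration file.");

            section.SectionInformation.ProtectSection(Provider);
            section.SectionInformation.ForceSave = true; // write the section even if its values did not change
            config.Save(ConfigurationSaveMode.Modified);
            return true;
        }

        // Reading is the same before and after encryption: the configuration
        // system decrypts the section transparently when it is loaded.
        public static string GetConnectionString(string name)
        {
            ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
            if (settings == null)
                throw new ConfigurationErrorsException("No connection string named '" + name + "'.");
            return settings.ConnectionString;
        }
    }
}
```

Because the default RSA key container belongs to the machine that performed the encryption, a web.config encrypted on a development PC and then published will not decrypt on the web server unless the key container is exported and imported there. Run the encryption on the server itself, or use Windows Authentication as in post #3 so that no password is stored at all.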
