The config file is the preferred location for application configuration data these days. .NET apps will use it themselves to store data in various situations. One such situation that many people may have encountered is when you create a Data Source the wizard offers to store the connection string in the config file. This is so that you can simply edit the config file when the app is installed to customise the connection for that system. One issue here is, what if the connection string contains a password? The config file is just plain text so its visible to the world. The answer is encryption and it's already built into the .NET configuration mechanism.
Try running the attached project and then opening the config file from the bin\Debug folder in VS. Notice that there's a <connectionStrings> section and it contains an item named PrimaryConnectionString. Now, select Tools -> Options from the menu and see that the components of that connection string are displayed as individual fields. Try editing those fields and then clicking OK. You don't actually have to have SQL Server installed to do this but if you want to use the drop-down lists to select a server and database you will need it. Go back to VS and you should be prompted to reload the config file. Do so and note that the values you entered now appear in the stored connection string.
Next, select Tools -> Encrypt Connection Strings from the menu. Go back to VS and reload the config file again and observe the changes. Note that your actual connection string is nowhere to be seen. Now, if you select Tools -> Options again at this point an exception will be thrown. I'm not sure exactly why and i'm not sure how to fix it, but that isn't really a problem anyway. This error only occurs when you start the app with the <connectionStrings> section unencrypted, then encrypt it, then try to read a connection string via My.Settings. This should never occur so the error should never appear.
So, close the app and then run it again. Select Tools -> Options from the menu and observe that the components of the connection string are displayed again, even though they cannot be seen in the config file. There was no extra code needed to accomplish this. The user code is exactly the same to read the connection string whether the config file is encrypted or not. the decryption is handled on-the-fly by the Framework.
Now, edit the connection properties again and click OK. Go back to VS and reload the config file again and observe that the long strings of gibberish have changed. Those strings contain your data in encrypted format. Now, select Tools -> Decrypt Connection Strings from the menu and go back to VS and reload the config file again. Note that your connection string is now visible again and the changes you made are reflected. Go back to the app and select Tools -> Options again and observer that, using the same code again, the connection properties have been read from the unencrypted config file. Tada!
N.B. - I've removed the original attachment, which was a VS 2008 project, and attached a VS 2005 version in its place.
Last edited by jmcilhinney; Oct 26th, 2008 at 05:50 AM.
Reply With Quote