Encrypt a Connection Strings in ASP.NET Web.config

In this hint, I elaborates How to encrypt and deycrypt a Connection Strings in ASP.NET Web.config

<configuration> 
<connectionStrings> <add name="ConnString" 
connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory
|MyDatabase.mdf;Integrated Security=True;User Instance=True" /> 
</connectionStrings> 
</configuration>

The simplest way to encrypt the <connectionStrings> section is to use the “aspnet_regiis” command-line tool that located in the following folder:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\

Executing the following command encrypts the <connectionStrings> section of a Web.Config file located in the path “c:\Websites\MyWebsite”

aspnet_regiis -pef connectionStrings "c:\Websites\MyWebsite"

The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section located at a particular path.

You can decrypt a <connectionStrings> section with the -pdf option like this:

aspnet_regiis -pdf connectionStrings "c:\Websites\MyWebsite"

ASP.NET page can read the value of the connection string using the following expression

<%$ ConnectionStrings:ConnString %>

Enjoy 🙂

Advertisements

One thought on “Encrypt a Connection Strings in ASP.NET Web.config

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s