In this hint, I elaborates How to encrypt and deycrypt a Connection Strings in ASP.NET Web.config
<configuration> <connectionStrings> <add name="ConnString" connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory |MyDatabase.mdf;Integrated Security=True;User Instance=True" /> </connectionStrings> </configuration>
The simplest way to encrypt the <connectionStrings> section is to use the “aspnet_regiis” command-line tool that located in the following folder:
Executing the following command encrypts the <connectionStrings> section of a Web.Config file located in the path “c:\Websites\MyWebsite”
aspnet_regiis -pef connectionStrings "c:\Websites\MyWebsite"
The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section located at a particular path.
You can decrypt a <connectionStrings> section with the -pdf option like this:
aspnet_regiis -pdf connectionStrings "c:\Websites\MyWebsite"
ASP.NET page can read the value of the connection string using the following expression
<%$ ConnectionStrings:ConnString %>