Encrypt a Connection Strings in ASP.NET Web.config

In this hint, I elaborates How to encrypt and deycrypt a Connection Strings in ASP.NET Web.config

<configuration> 
<connectionStrings> <add name="ConnString" 
connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory
|MyDatabase.mdf;Integrated Security=True;User Instance=True" /> 
</connectionStrings> 
</configuration>

The simplest way to encrypt the <connectionStrings> section is to use the “aspnet_regiis” command-line tool that located in the following folder:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\

Executing the following command encrypts the <connectionStrings> section of a Web.Config file located in the path “c:\Websites\MyWebsite”

aspnet_regiis -pef connectionStrings "c:\Websites\MyWebsite"

The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section located at a particular path.

You can decrypt a <connectionStrings> section with the -pdf option like this:

aspnet_regiis -pdf connectionStrings "c:\Websites\MyWebsite"

ASP.NET page can read the value of the connection string using the following expression

<%$ ConnectionStrings:ConnString %>

Enjoy 🙂

Advertisements