Encrypt ConnectionString in app.config

[Peter Larsen [CPH]]

Hi,

I use VS2008 and dotNet 3.5.

I want to encrypt the connection string section in the app.config file.
How do i do that ??

I know there is something included in dotnet, but i don't know what is "best
practice" - if any.

Thank you in advance.
BR
Peter.

 

[Jesse Houwing]

* Peter Larsen [CPH] wrote, On 14-9-2009 15:31:

Hi,

I use VS2008 and dotNet 3.5.

I want to encrypt the connection string section in the app.config file.
How do i do that ??

I know there is something included in dotnet, but i don't know what is "best
practice" - if any.

Thank you in advance.
BR
Peter.

ASP.NET has default support for these kinds of scenario's:
http://msdn.microsoft.com/en-us/library/ms998280.aspx

It seems to work for normal app.config as well, just temporarily rename
myexecutable.exe.config to web.config, run the tool, rename back to
myexecutable.exe.config.

 

[Gregory A. Beamer]

Hi,

I use VS2008 and dotNet 3.5.

I want to encrypt the connection string section in the app.config
file. How do i do that ??

I know there is something included in dotnet, but i don't know what is
"best practice" - if any.

The best practice is to use the tools included with .NET and encrypt, as
Jesse has mentioned.

NOTE: You should specify your own machine keys if you use encryption (at
least in an ISP scenario), as the server generated keys will be
different and require encrypting on the server. If you do not encrypt
with the right key, your app will bomb. If this is a web farm, use the
same keys on all machines. Otherwise, you have to encrypt the web.config
on each machine (nasty juju here).

Peace and Grace,


--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

My vacation and childhood cancer awareness site:
http://www.crazycancertour.com

*******************************************
| Think outside the box! |
*******************************************

 

[Peter Larsen [CPH]]

Hi Jesse and Gregory,

Thanks for your comments.

Is this really the way - i mean - it seems like an alternative solution
(rename a file to make it work).
What you both say is that, there is a way for aps.net and it normally works
for winforms as well, right !!

BR
Peter

 

[Jesse Houwing]

* Peter Larsen [CPH] wrote, On 14-9-2009 22:04:

Hi Jesse and Gregory,

Thanks for your comments.

Is this really the way - i mean - it seems like an alternative solution
(rename a file to make it work).
What you both say is that, there is a way for aps.net and it normally works
for winforms as well, right !!

BR
Peter

Yups that's what we're saying. For Winforms Microsoft expects you to run
under Integrated Security and to use SSPI to connect to SQL and for
Certicifactes to be stored in the user store.

If you set up your system that way, there's no need to save secrets, so
there's no need for encryption in your app.config.

 

[Peter Larsen [CPH]]

But on application-servers, this won't work if you want to run the apps as
different users and change the passwords every weeks.
Well, it will work, but its going to be a password nightmare

/Peter

* Peter Larsen [CPH] wrote, On 14-9-2009 22:04:

Hi Jesse and Gregory,

Thanks for your comments.

Is this really the way - i mean - it seems like an alternative solution
(rename a file to make it work).
What you both say is that, there is a way for aps.net and it normally
works
for winforms as well, right !!

BR
Peter

Yups that's what we're saying. For Winforms Microsoft expects you to run
under Integrated Security and to use SSPI to connect to SQL and for
Certicifactes to be stored in the user store.

If you set up your system that way, there's no need to save secrets, so
there's no need for encryption in your app.config.

 

[Jie Wang [MSFT]]

Hi Peter,

Jesse and Gregory pointed to the right direction.

As for your concern that "it seems like an alternative solution", I can
provide you the official document that confirms "Although primarily
designed for ASP.NET, protected configuration can also be used to encrypt
configuration file sections in Windows applications.". See "Connection
Strings and Configuration Files (ADO.NET)"
(http://msdn.microsoft.com/en-us/library/ms254494.aspx), the "Encrypting
Configuration File Sections Using Protected Configuration" section.

The reason why "it is primarily designed for ASP.NET" is like what Jesse
explained in the previous post. But if you do want to store password in the
config file, then you can just use that tool. The underlying implementation
is just the same.

For more information on "Protecting Connection Information (ADO.NET)":
http://msdn.microsoft.com/en-us/library/89211k9b.aspx

Hope this helps.

Best regards,
Jie Wang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Peter Larsen [CPH]]

Hi Jie,

Thank you for straighten this out for me.

Br
Peter