4

I want to encrypt the connectionstrings in my web.config. And my application will be deployed in web farm.

I tried reading some blogs about this, but got confused.

Can somebody tell me a link which they have really tried and got succeded.

peterh
  • 11,875
  • 18
  • 85
  • 108
alice7
  • 3,834
  • 14
  • 64
  • 93

3 Answers3

3

You may have considered this, but if not: the RSAProtectedConfigurationProvider can use either machine-level or user-level keys to encrypt. The default is machine-level. This means you can't encrypt your web.config once and deploy it to every machine in your web farm. You must encrypt it on each machine since the key to encrypt and decrypt only exists on that machine.

You can get around this problem by using a user-level key or sharing a key across all web farm machines:

Corbin March
  • 25,526
  • 6
  • 73
  • 100
2

We use the RSA Protected Configuration provider. That page isn't light reading, but it's got what you need.

I recommend the command like so (example from the article):

aspnet_regiis.exe -pef "connectionStrings" C:\Projects\MachineRSA

lance
  • 16,092
  • 19
  • 77
  • 136
  • Yes, but we don't import/export keys. We perform the encryption per instance. Nevertheless, from the article's summary: "You can use Aspnet_regiis.exe tool to encrypt sensitive data, such as connection strings, held in the Web.config and Machine.config files. You can easily export and import RSA keys from server to server. This makes RSA encryption particularly effective for encrypting configuration files used on multiple servers in a Web farm." – lance Jun 10 '09 at 15:34
  • One quick question, How would I know that I need to import/export keys in my web farm scenario. Is it optional? Can you give me any scenario. – alice7 Jun 10 '09 at 15:39
  • Well, each box will need a key, so you can either re-use a key from a different box (export, then import on the new box -- if I understand that correctly) or re-create a key per box (our implementation). – lance Jun 10 '09 at 17:30
1

Before encrypting the connection strings, think about what you are trying to protect against by encrypting them. Your application will need access to the cleartext connection string in order and therefore will need access to the key. Therefore, an attacker who compromises your ASP.Net application will likely be able to steal the key and your protected connection string. So encryption is not really adding much benefit.

Instead of encryption, focus on how that file is handled by operations personnel and the file permissions that are applied in production. Only allow Read access to the ASP.Net worker pool account that your application runs as.

Chris Clark
  • 546
  • 2
  • 4
  • Sadly, some business regulations don't think in a logical manner and we have to deal with this sort of problem. – Justin Aug 02 '12 at 20:09