0

In my .net application version 4.0, we are displaying both the userID and password in the connection string of app config file. I wanted to know how to secure the ID n Password - which can be implemented with minimal effort.

<db:provider id="dbProvider" provider="System.Data.SqlClient" connectionString="Data  Source=AdventureWorks;Initial Catalog=userDB;Persist Security Info=True;User ID=sa;Password=XXXXX"/>
Sammy
  • 798
  • 2
  • 8
  • 23
  • Possible duplication of http://stackoverflow.com/questions/2460911/encrypting-the-connection-string-in-web-config-file-in-c-sharp – DavidG May 19 '14 at 16:22
  • Short answer is that you don't. You use windows integrated security instead. – steve cook May 19 '14 at 16:42
  • @steve Integrated security isn't always available, what if the SQL Server is on another domain or in Azure cloud for example? – DavidG May 19 '14 at 16:56

2 Answers2

0

You could save your user and password encrypted as another settings in app.config. To use it, decrypt user and password and replace your connection string.

string connString = string.Format("Data Source=AdventureWorks;Initial Catalog=userDB;Persist Security Info=True;User ID={0};Password={1}", user, passord);

Hope it helps.

Fabio
  • 36
  • 5
0

Are you looking for encryption of web.config using aspnet_regiis.exe commandline. Something like aspnet-regiis-exe

Word of warning: since it's aspnet_regiis, it expects to be dealing with a web.config file - copy your app.config to a location and call it web.config, encrypt your sections, and copy those encrypted sections back into your own app.config.

Community
  • 1
  • 1
Justin Samuel
  • 1,063
  • 4
  • 16
  • 30