-1

Need to have log4net configuring with sql in my project , but due to security reasons must not have the connection string details on the web.config . What are the alternatives ? Just need to hide the ConnectionString only .

{
    var settings = ConfigurationManager.ConnectionStrings[1];
    var fi = typeof(ConfigurationElement).GetField("_bReadOnly", 
    BindingFlags.Instance | BindingFlags.NonPublic);
    fi.SetValue(settings, false);
    string connection = GetConnection();//To get the connection 
    details using a service
    settings.ConnectionString = connection;
}

This is not solving my issue , hiding the connection string details . The connection details to be pass to the web.config to consume the log.net sql logging

Rafael
  • 727
  • 13
  • 30
Joe
  • 509
  • 4
  • 11

2 Answers2

2
   Finally, the one which helped me to pass the connection information to ado.net appender 


 public static class LogConfigurator
 {
  public static void SetConnectionString(string connectionString)
  {
       Hierarchy logHierarchy = log4net.LogManager.GetRepository() as 
                                Hierarchy;

        if (logHierarchy == null)
       {
        throw new InvalidOperationException
           ("Can't set connection string as hierarchy is null.");
    }

    var appender = logHierarchy.GetAppenders()
                               .OfType<AdoNetAppender>()
                               .SingleOrDefault();

    if (appender == null)
    {
        throw new InvalidOperationException
          ("Can't locate a database appender");
    }

    appender.ConnectionString = connectionString; // Using a service to get 
    //the connection information 
    appender.ActivateOptions();

} }

web.config , give the same name for ado.net appender to take the connection
<connectionStringName value="ConnectionString" /> 

  <connectionStrings>
  <add name="ConnectionString" connectionString=""
  providerName="System.Data.SqlClient" />
  </connectionStrings>
Joe
  • 509
  • 4
  • 11
1

You could store the connection string in a separate file which you can keep out of source control to avoid exposing the credentials. Add the following to your Web.config file:

<configuration>
    <connectionStrings configSource="connections.secret.config" />
</configuration>

Then create a connections.secret.config file, but keep it away from your solution:

<connectionStrings>
    <add name="connection_name" connectionString="your_connection" providerName="System.Data.SqlClient" />
</connectionStrings>

You will need to make sure you provide the connection string wherever you end up deploying your code using an environment variable or similar.

benjrb
  • 766
  • 1
  • 5
  • 13
  • Thanks for the solution, but still we are trying to hide the info from the any config file. And the file is not available with solution the "build" going to trouble – Joe Feb 02 '18 at 16:00
  • 1
    In that case I would suggest encrypting the Web.config https://msdn.microsoft.com/en-us/library/bb986855.aspx – benjrb Feb 02 '18 at 16:11
  • thanks Benjrb , that would an option . Mean time , I found another way of getting the connection using a service and pass that to the Ado.net Appender – Joe Feb 02 '18 at 16:59
  • https://stackoverflow.com/questions/13509988/log4net-adonetappender-connection-string-reference?rq=1 – Joe Feb 02 '18 at 17:50