Dotnet Stuff

Encrypt ConnectionString in Web.config of ASP.NET

Normal practice is to store connection string(database, excel, etc.) of any web application in web.config file.

But on security point of view placing the database connection string or any of that sort in a web.config file without encryption is not secure at all.

So it is mandatory to protect the configurations like connection strings etc. That means place only the encrypted connection strings in web.config file.

To encrypt a section of your web.config execute the following command in the visual studio command prompt.

aspnet_regiis -pef “section name to encrypt” “Physical path of the web application”
Eg:-
aspnet_regiis -pdf “ConnectionString” “D:\MyWebApp\MyBlog”

To decrypt the encrypted section on your system use the following command

aspnet_regiis -pdf “section name to encrypt” “Physical path of the web application”
Eg:-
aspnet_regiis -pdf “ConnectionString” “D:\MyWebApp\MyBlog”

parameter -pef is used for encryption and -pdf is for decryption.

 

Related posts:

  1. ASP.NET Interview Questions
  2. OWIN in ASP.NET Core| What is OWIN in .NET?
  3. How To Select an XML Node Element Values According to a Specific Attribute Value – C#,VB.NET
  4. How To Select Required Number Of Nodes From Top or Bottom Using XPATH – C#,VB.NET

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

© Copywright 2017 Dotnetstuffs All Rights Reserved

Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap