Saturday, April 25, 2009

how to encrypted connection string in web.config

using System.Web.Security;

using System.Configuration;

using System.Web.Configuration;



Encrypt


Configuration Myconfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = Myconfig .GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
Myconfig .Save();
}


Decrypt


Configuration Myconfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = Myconfig .GetSection("connectionStrings");
if (section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
Myconfig .Save();
}


Note
once the data is encrypted, when it's read from an ASP.NET page (i.e., reading the connection string
information from a SqlDataSource control or programmatically, via ConfigurationManager.ConnectionStrings[connStringName].ConnectionString),
ASP.NET automatically decrypts the connection string and returns the plain-text value.

No comments: