Almost 60% ASP.NET hosting’s done with third party vendors. These vendors have full access to your folder and your database. As a best practice we all store connection strings in our “web.config” file. If you are using SQL server authentication then you would be storing your userid and password in the connection string as shown below.
Data Source=localhost;Initial Catalog=YourDataBaseName;Integrated Security=True
I am not trying to say all vendors have bad intentions, but what if we have some funny people around. They can open the “web.config” file and see all the credentials.
So in order to avoid this situationwe need to encrypt our connection string. Now the one way is to go and write your own custom algorithm, encrypt it and decrypt it wherever necessary.
Good news !You do not need to do that.ASP.NET provides a very nice tool for encryptionof connection string :- “aspnet_regiis.exe”.
It’s a simple 3 step process to do encryption.
Step 1:- First define the connection string in web.config file like below my code.
<configuration>
<system.web>
<compilation debug=”true” targetFramework=”4.0″ />
</system.web>
<connectionStrings>
<add name=”ConStr” connectionString=”Data Source=localhost;Initial Catalog=YourDataBaseName;Integrated Security=True”/>
</connectionStrings>
</configuration>
In the above snippet code you can see that the connection string is easily visible by anyone because it is in a decrypted format
Step 2: - Just go to Visual Studio Command Prompt and use aspnet_regiis tool to encrypt the defined connection string like below diagram.
Let first try to understand what is aspnet_regiis -pef “connectionString” C:\Users\Administrator\Documents\visual studio 2010\Projects\Encrypt\Encrypt“
aspnet_regiis : it is a tool provided by .NET so that we can encrypt the connection string.
-pef : Encrypts the specified configuration section of the Web.config file in the specified physical (not virtual) directory.
connectionString : its section on which we actually apply the encryption.
C:\Users\Administrator\Documents\visual studio 2010\Projects\Encrypt\Encrypt” : This is location your file where exactly the web.config file located.
Now just execute the Visual Studio Command Prompt and if the encryption is done successfully a message will be displayed like below diagram.
Step 3:- Go to web.config file and you will see that connection string is now in encrypted format like below code.
<?xml version=”1.0″?>
<configuration>
<system.web>
<compilation debug=”true” targetFramework=”4.0″ />
</system.web>
<connectionStrings configProtectionProvider=”RsaProtectedConfigurationProvider”>
<EncryptedData Type=”http://www.w3.org/2001/04/xmlenc#Element“
xmlns=”http://www.w3.org/2001/04/xmlenc#“>
<EncryptionMethod Algorithm=”http://www.w3.org/2001/04/xmlenc#tripledes-cbc” />
<KeyInfo xmlns=”http://www.w3.org/2000/09/xmldsig#“>
<EncryptedKey xmlns=”http://www.w3.org/2001/04/xmlenc#“>
<EncryptionMethod Algorithm=”http://www.w3.org/2001/04/xmlenc#rsa-1_5” />
<KeyInfo xmlns=”http://www.w3.org/2000/09/xmldsig#“>
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>381qgI4o3vj3RKK2R2nqF0C8LV+M80T15Z7orKjQA7aX4LJyhdcch6JpkEN/hl5QsZdEJHxukdnUZGetEE35DiOXEjuN9lRsV
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>gdd7SZj6F8zhmb9xhkfakfM6oeqyrgGEJtTmtyld3IMAvXrwF2BlCDGzl2IPn8mBT97OQsNdZ/Pk3Y946JFRt8zfm
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
Also see the following video on ASP.NET interview question :- What are master pages?
See for more stuffs on ASP.NET Interview question
Regards,
Click to view more from author’s on ASP.NET Interview question
Do not forget to buy our best selling .NET interview questions book from Flipkart by clicking here
