ASP.NET Interview Question: – How to encrypt connection string in Web.config file ( ASP.NET Training) ?

Almost 60% ASP.NET hosting’s done with third party vendors. These vendors have full access to your folder and your database. As a best practice we all store connection strings in our “web.config” file. If you are using SQL server authentication then you would be storing your userid and password in the connection string as shown below.

Data Source=localhost;Initial Catalog=YourDataBaseName;Integrated Security=True

I am not trying to say all vendors have bad intentions, but what if we have some funny people around. They can open the “web.config” file and see all the credentials.

So in order to avoid this situationwe need to encrypt our connection string. Now the one way is to go and write your own custom algorithm, encrypt it and decrypt it wherever necessary.

Good news !You do not need to do that.ASP.NET provides a very nice tool for encryptionof connection string :- “aspnet_regiis.exe”.

It’s a simple 3 step process to do encryption.

Step 1:- First define the connection string in web.config file like below my code.

<configuration>
<system.web>
<compilation debug=”true” targetFramework=”4.0″ />
</system.web>
<connectionStrings>
<add name=”ConStr” connectionString=”Data Source=localhost;Initial Catalog=YourDataBaseName;Integrated Security=True”/>
</connectionStrings>
</configuration>

In the above snippet code you can see that the connection string is easily visible by anyone because it is in a decrypted format

Step 2: – Just go to Visual Studio Command Prompt and use aspnet_regiis tool to encrypt the defined connection string like below diagram.

asp

Let first try to understand what is aspnet_regiis -pef “connectionString” C:\Users\Administrator\Documents\visual studio 2010\Projects\Encrypt\Encrypt

aspnet_regiis : it is a tool provided by .NET so that we can encrypt the connection string.

-pef : Encrypts the specified configuration section of the Web.config file in the specified physical (not virtual) directory.

connectionString : its section on which we actually apply the encryption.

C:\Users\Administrator\Documents\visual studio 2010\Projects\Encrypt\Encrypt” : This is location your file where exactly the web.config file located.

Now just execute the Visual Studio Command Prompt and if the encryption is done successfully a message will be displayed like below diagram.

asp

Step 3:- Go to web.config file and you will see that connection string is now in encrypted format like below code.

<?xml version=”1.0″?>
<configuration>
<system.web>
<compilation debug=”true” targetFramework=”4.0″ />
</system.web>
<connectionStrings configProtectionProvider=”RsaProtectedConfigurationProvider”>
<EncryptedData Type=”http://www.w3.org/2001/04/xmlenc#Element
                             xmlns=”http://www.w3.org/2001/04/xmlenc#“>
<EncryptionMethod Algorithm=”http://www.w3.org/2001/04/xmlenc#tripledes-cbc” />
<KeyInfo xmlns=”http://www.w3.org/2000/09/xmldsig#“>
<EncryptedKey xmlns=”http://www.w3.org/2001/04/xmlenc#“>
<EncryptionMethod Algorithm=”http://www.w3.org/2001/04/xmlenc#rsa-1_5” />
<KeyInfo xmlns=”http://www.w3.org/2000/09/xmldsig#“>
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>381qgI4o3vj3RKK2R2nqF0C8LV+M80T15Z7orKjQA7aX4LJyhdcch6JpkEN/hl5QsZdEJHxukdnUZGetEE35DiOXEjuN9lRsV
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>gdd7SZj6F8zhmb9xhkfakfM6oeqyrgGEJtTmtyld3IMAvXrwF2BlCDGzl2IPn8mBT97OQsNdZ/Pk3Y946JFRt8zfm
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>

Also see the following video on ASP.NET interview question :- What are master pages?

See for more stuffs on ASP.NET Interview question

Regards,

Click to view more from author’s on ASP.NET Interview question

Do not forget to buy our best selling .NET interview questions book from Flipkart by clicking here

Advertisements

About c# and .NET Interview questions

This blog is for developers who want to crack .NET and C# interviews. It has all tips and tricks needed to crack .NET interviews , C# interview , SQL Server interview , Java interview , WCF Interview , Silverlight interview , WPF interview , LINQ interview , Entity framework Interview. Do not forget to watch our Learn step by step video series. Learn MVC in 16 hours:- https://www.youtube.com/watch?v=Lp7nSImO5vk Learn AngularJS Step by Step:- https://www.youtube.com/watch?v=0kmdjqgO9IY Learn Design Pattern in 8 hours:- https://www.youtube.com/watch?v=YDobmucohqk Learn C# and .NET in 60 days:- https://www.youtube.com/watch?v=yh2SrzCkNQA Learn MSBI in 32 hours:- https://www.youtube.com/watch?v=mGPJx3ocFgg Learn SharePoint Step by Step in 8 hours:- https://youtu.be/C2fW76SwJNU
This entry was posted in Uncategorized and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s