Introduction
In Windows/Web based applications, it's not rational for you to put your ConnectionString
in the native/normal format! This is because anybody can see your userID/username and password!.
In this article, I want to teach you how to encrypt ConnectionString
and decrypt it as you wish.
Background
This feature was born in .NET Framework 2.0 (Visual Studio 2005).
Using the Code
First of all, we suggest you to create a static
class with the name Utilities
and put the below functions in it. After all, you can call just two functions for encryption and decryption of your connection string.
namespace DT.Security
{
public static class Utilities
{
public static void ProtectConnectionString()
{
ToggleConnectionStringProtection
(System.Windows.Forms.Application.ExecutablePath, true);
}
public static void UnprotectConnectionString()
{
ToggleConnectionStringProtection
(System.Windows.Forms.Application.ExecutablePath, false);
}
private static void ToggleConnectionStringProtection
(string pathName, bool protect)
{
string strProvider = "DataProtectionConfigurationProvider";
System.Configuration.Configuration oConfiguration = null;
System.Configuration.ConnectionStringsSection oSection = null;
try
{
oConfiguration = System.Configuration.ConfigurationManager.
OpenExeConfiguration(pathName);
if (oConfiguration != null)
{
bool blnChanged = false;
oSection = oConfiguration.GetSection("connectionStrings") as
System.Configuration.ConnectionStringsSection;
if (oSection != null)
{
if ((!(oSection.ElementInformation.IsLocked)) &&
(!(oSection.SectionInformation.IsLocked)))
{
if (protect)
{
if (!(oSection.SectionInformation.IsProtected))
{
blnChanged = true;
oSection.SectionInformation.ProtectSection
(strProvider);
}
}
else
{
if (oSection.SectionInformation.IsProtected)
{
blnChanged = true;
oSection.SectionInformation.UnprotectSection();
}
}
}
if (blnChanged)
{
oSection.SectionInformation.ForceSave = true;
oConfiguration.Save();
}
}
}
}
catch (System.Exception ex)
{
throw (ex);
}
finally
{
}
}
}
}
Points of Interest
After I learned this feature, I used it in all of my Windows/Web based applications!
History
- 8th September, 2007: First release