Encrypted Connection Strings

Question

5.00/5 (2 votes)

See more:

Okay, I found a link online walking me through how to encrypt the connection string portion of the web.config file. Is there anyone who's ever done this that can answer a couple of questions for me? I tried googling the answers but nothing came up that explained what I needed to know.

A little background as to why we are doing this. I need to download data from an outside source that my supervisor has access to. He wants me to download this data daily rather than monthly (which he has to do for me). He wants to put in his user name and password for the connection information and then we'll encrypt it so I can't see his log on information.

The questions I have are as follows:

1. Can you encrypt a development connection string? The instructions I see seem to show it being encrypted after it's deployed.
2. Once you encrypt the connection string information can you add other connection strings? If yes, do you need to decrypt and re-encrypt or are they added without encrypting?
3. Also he has to reset his password every 60-90 days. Does that mean he'll have to decrypt the connectin string, input his new password and then re-encrypt it again?

If you don't have experience with this but know a good on-line source I'd take that also. I just want to understand how this is going to work before I try to implement it.

Thanks,
Carolyn

Posted 10-Feb-12 9:04am

CARisk3

Add a Solution

3 solutions

Solution 1

1 - If you can do it at all, I'm sure you can do it in development. How you handle that is up to you. But, unless there's a built in decryption method that doesn't involve your code, you're going to be able to decrypt it and read it anyhow

2 - I have no idea, sorry, if the setting for encryption is not on the connection string level, then I assume they all need to be encrypted or not.

3 - Yes, of course it does.

Posted 10-Feb-12 10:21am

Christian Graus

Solution 2

Well, I tried to encrypt the development web.config and it didn't work. I did find the following article that makes it seem as if I can't encrypt the development web.config, I can only encrypt the deployed one.

http://www.emmet-gray.com/Articles/EncryptConnectionStrings.htm[^]

If anyone knows of a way this can be done, please let me know.

Thanks,
Carolyn

Posted 10-Feb-12 11:47am

CARisk3

Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Espen Harlinn · Accepted Answer · 2012-02-11T04:56:00

Solution 3

Why not use SSPI - your web application is proably running under a service user account[^]. SSPI allows SQL authentication to be tied to the service user account - this way there will be no need to save username and password in the web.config.

Best regards
Espen Harlinn

Posted 11-Feb-12 4:56am

Espen Harlinn

Comments

Wonde Tadesse 11-Feb-12 10:58am

5+.Perfect this is the right soln.

Espen Harlinn 11-Feb-12 11:03am

Thank you, Wonde!

Tech Code Freak 12-Feb-12 1:01am

5up!

Espen Harlinn 13-Feb-12 14:03pm

Thank you, Tech Code Freak!

CARisk3 13-Feb-12 13:00pm

Okay. I guess I should have been more specific in the background information. We don't own this information or the system that the information is stored on. It's PHI (personal health information) data and it's not store in an sql database. It's stored in an application specific storage. The connection string not only contains user name and password but also the location of the stored data.

thatraja 13-Feb-12 13:39pm

5!

Espen Harlinn 13-Feb-12 14:03pm

Thank you, thatraja :)

thatraja 13-Feb-12 14:14pm

Hi, I'll send you mail(May be lengthy one) tomorrow or soon.

Espen Harlinn 13-Feb-12 14:14pm

Ok :)

Encrypted Connection Strings

3 solutions

Solution 3

Solution 1

Solution 2

Add your solution here

Preview 0

Encrypted Connection Strings

3 solutions

Solution 3

Solution 1

Solution 2

Add your solution here

Preview 0

Existing Members

...or Join us