Tuesday, June 3, 2014

Security in the Asp.net Web.config files to Encrypt and Decrypt the Connection String

By:LOKESH at Labels:
How to Encrypt and Decrypt the connections strings in the web.config file

Step 1:- To know the all possibilities of the commands using for encryption and decryption

StartàOpen Visual studio Command prompt àRun as administration à typeà
aspnet_regiis.exe

And u will get like this




Scroll down and check the options of -pe and –pd
Step 2:-Example connection string in the web.config file without Encrypt
<connectionStrings>
  <add
    name="NorthwindConnection"
    connectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;" />
</connectionStrings>

Type this command in the command prompt for Encryption
aspnet_regiis -pe "connectionStrings" -app "/SampleApplication"
 
Command Explanation 
 
Assume my application name in the IIS is  “MySampleSite”

aspnet_regiis -pe "connectionStrings" -app "/MySampleSite"
 
You will get the successful message 
 
After Encrypting Connection string is look like 
 
<configuration>
   <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
      <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
         xmlns="http://www.w3.org/2001/04/xmlenc#">
         <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
               <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                  <KeyName>RSA Key
                  </KeyName>
               </KeyInfo>
               <CipherData>
                  <CipherValue>WcFEbDX8VyLfAsVK8g6hZVAG1674ZFc1kWH0BoazgOwdBfinhcAmQmnIn0oHtZ5tO2EXGl+dyh10giEmO9NemH4YZk+iMIln+ItcEay9CGWMXSen9UQLpcQHQqMJErZiPK4qPZaRWwqckLqriCl9X8x9OE7jKIsO2Ibapwj+1Jo=
                  </CipherValue>
               </CipherData>
            </EncryptedKey>
         </KeyInfo>
         <CipherData>
            <CipherValue>OpWQgQbq2wBZEGYAeV8WF82yz6q5WNFIj3rcuQ8gT0MP97aO9SHIZWwNggSEi2Ywi4oMaHX9p0NaJXG76aoMR9L/WasAxEwzQz3fexFgFSrGPful/5txSPTAGcqUb1PEBVlB9CA71UXIGVCPTiwF7zYDu8sSHhWa0fNXqVHHdLQYy1DfhXS3cO61vW5e/KYmKOGA4mjqT0VZaXgb9tVeGBDhjPh5ZlrLMNfYSozeJ+m2Lsm7hnF6VvFm3fFMXa6+h0JTHeCXBdmzg/vQb0u3oejSGzB4ly+V9O0T4Yxkwn9KVDW58PHOeRT2//3iZfJfWV2NZ4e6vj4Byjf81o3JVNgRjmm9hr9blVbbT3Q8/j5zJ+TElCn6zPHvnuB70iG2KPJXqAj2GBzBk6cHq+WNebOQNWIb7dTPumuZK0yW1XDZ5gkfBuqgn8hmosTE7mCvieP9rgATf6qgLgdA6zYyVV6WDjo1qbCV807lczxa3bF5KzKaVUSq5FS1SpdZKAE6/kkr0Ps++CE=
            </CipherValue>
         </CipherData>
      </EncryptedData>
   </connectionStrings>
</configuration>
 
 
As usually you can access the connection strings will work 
 
Step 3:- Type this command in the command prompt for Decryption
aspnet_regiis -pd "connectionStrings" -app "/SampleApplication"

 
Command Explanation 
 
Assume my application name in the IIS is  “MySampleSite”

aspnet_regiis -pd "connectionStrings" -app "/MySampleSite"


Read More »
No comments:
Subscribe to: Posts (Atom)