Encrypted and Decrypted Conn String Programatically

R

Ranginald

Hi,

I have a question about encrypting connection strings in an asp.net 2.0
app in a shared hosting environment. From what I have read, I believe
I need to programatically encrypt and decrypt the conn string because I
do not have access to run aspnet_regiis on the remote machine.

My question is where to do I put the code?
Do I first encrypt the connection string on page_load, and then every
time I need to access the database decrypt the code? How do I start
with the conn string encoded, and then decrypt it only when needed.
There is a great sample by David Hayden and I understand the concept, I
just don't know where to "put" everything.
(http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx)

Thanks in advance!
-David
 
N

Nobody

Ranginald said:
Hi,

I have a question about encrypting connection strings in an asp.net 2.0
app in a shared hosting environment. From what I have read, I believe
I need to programatically encrypt and decrypt the conn string because I
do not have access to run aspnet_regiis on the remote machine.

My question is where to do I put the code?
Do I first encrypt the connection string on page_load, and then every
time I need to access the database decrypt the code? How do I start
with the conn string encoded, and then decrypt it only when needed.
There is a great sample by David Hayden and I understand the concept, I
just don't know where to "put" everything.
(http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx)

Thanks in advance!
-David

You have aspnet_regiis on every machine that has the .net framework
installed.

You don't need to encrypt & decrypt programatically as that happens
automagically by the framework. Just encrypt it once during installation
with aspnet_regiis and forget about it.

You can't encrypt the web.config during development and ship that one
because its specific to a machines private keys.
 
R

Ranginald

If I encrypt it with aspnet_regiis on my local machine, how do I
decrypt it on the production (shared hosting server)? e.g. When is
"installation"?

I read a Iot about the topic before I posted and I thought I had to
have access to aspnet_regiis on the remote machine in order to use
aspnet_regiis....something about copying the keys to the remote server.

If I encrypt it locally as you say using aspnet_regiis, do I use RSA or
DPAPI?

Thanks,
David

(nice use of "automagically")
 
N

Nobody

Ranginald said:
If I encrypt it with aspnet_regiis on my local machine, how do I
decrypt it on the production (shared hosting server)? e.g. When is
"installation"?

I read a Iot about the topic before I posted and I thought I had to
have access to aspnet_regiis on the remote machine in order to use
aspnet_regiis....something about copying the keys to the remote server.

If I encrypt it locally as you say using aspnet_regiis, do I use RSA or
DPAPI?

Thanks,
David

(nice use of "automagically")

I meant: you run aspnet_regiis on the server as part of the process of
"copying the website over to the production server". Once you've copied
everything over to your production server you run aspnet_regiis ON THE
SERVER and the web.config is encrypted using that machines private keys, so
it wont be able to be read on any other machine.

You should be putting your connection strings in the
"connectionStrings" section in your web.config. Now, in your code, when you
want to access it, you access it like so:

SqlConnection sqlCon = new
SqlConnection(ConfigurationManager.ConnectionStrings["cstrDatabase"].ToString());

thats it... no encryption, decryption is necessary on your part as it all
happens "automagically"... of course as I said earlier, if you copy an
encrypted web.config to another machine, it will no longer work. Its
encrypted per machine.
 
R

Ranginald

Right...but the whole problem is that I can't run aspnet_regiis on the
server.......it's shared hosting.
Nobody said:
Ranginald said:
If I encrypt it with aspnet_regiis on my local machine, how do I
decrypt it on the production (shared hosting server)? e.g. When is
"installation"?

I read a Iot about the topic before I posted and I thought I had to
have access to aspnet_regiis on the remote machine in order to use
aspnet_regiis....something about copying the keys to the remote server.

If I encrypt it locally as you say using aspnet_regiis, do I use RSA or
DPAPI?

Thanks,
David

(nice use of "automagically")

I meant: you run aspnet_regiis on the server as part of the process of
"copying the website over to the production server". Once you've copied
everything over to your production server you run aspnet_regiis ON THE
SERVER and the web.config is encrypted using that machines private keys, so
it wont be able to be read on any other machine.

You should be putting your connection strings in the
"connectionStrings" section in your web.config. Now, in your code, when you
want to access it, you access it like so:

SqlConnection sqlCon = new
SqlConnection(ConfigurationManager.ConnectionStrings["cstrDatabase"].ToString());

thats it... no encryption, decryption is necessary on your part as it all
happens "automagically"... of course as I said earlier, if you copy an
encrypted web.config to another machine, it will no longer work. Its
encrypted per machine.
 
N

Nobody

Ranginald said:
Right...but the whole problem is that I can't run aspnet_regiis on the
server.......it's shared hosting.
Nobody wrote:

<snip>

you can encrypt the sections programatically too... but you don't need to
encrypt/decrypt to read the settings, you just need to encrypt it once and
be done...

Here is some code (although it works on the appSettings portion)...

// open the configuration manager

Configuration config =
WebConfigurationManager.OpenWebConfiguration(HostingEnvironment.ApplicationVirtualPath);

// get the appSettings section

ConfigurationSection section = config.GetSection("appSettings");

// create the appSettings section if it doesn't exist

if (section == null)
{
section = new AppSettingsSection();
config.Sections.Add("appSettings", section);
bDirty = true;
}

// cast to the appSettings type

AppSettingsSection appSettings = (AppSettingsSection)section;

// attempt to read the private key

string strKey = appSettings.Settings["privateKey"].Value;

// create the key if it doesn't exist

if (strKey == null)
{
TripleDESCryptoServiceProvider alg = new
TripleDESCryptoServiceProvider();
strKey = Convert.ToBase64String(alg.Key);
appSettings.Settings.Add("privateKey", strKey);
bDirty = true;
}

// protect the section if it isn't already protected

if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
bDirty = true;
}

if (bDirty)
config.Save();

return strKey;
}
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top