(untagged)

Encrypt connectionStrings section of web.config

ASP.NET Community

0.00/5 (No votes)

11 Mar 2010

Web.Config <add name=ConnString connectionString=Data Source=.SQLEXPRESS;

This articles was originally at wiki.asp.net but has now been given a new home on CodeProject. Editing rights for this article has been set at Bronze or above, so please go in and edit and update this article to keep it fresh and relevant.

Web.Config
<configuration>
    <connectionStrings>
        <add name="ConnString" connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory|MyDatabase.mdf;Integrated Security=True;User Instance=True" />
    </connectionStrings>
</configuration>

The easiest way to encrypt the <connectionStrings> section is to use the aspnet_regiis command-line tool.
This tool is located in the following folder:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\

Executing the following command encrypts the <connectionStrings> section of a Web.Config file
located in a folder with the path c:\Websites\MyWebsite:

    aspnet_regiis -pef connectionStrings "c:\Websites\MyWebsite"

The -pef option (Protect Encrypt Filepath) encrypts a particular configuration section located at a particular path.

You can decrypt a section with the -pdf option like this:
    aspnet_regiis -pdf connectionStrings "c:\Websites\MyWebsite"

ASP.NET page can read the value of the connection string by using the <%$ ConnectionStrings:ConnString %> expression

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here