Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Encrypting Webconfig file values in .Net 1.1 Framework

0 views
Skip to first unread message

madhusrp

unread,
May 8, 2008, 3:23:00 PM5/8/08
to
Hi,
Could anyone suggest me an idea to encrypt the webconfig file's connection
string in the framework 1.1.

Thank you in Advance
--
Lets Learn and Make All Learn

Mark Rae [MVP]

unread,
May 8, 2008, 4:04:51 PM5/8/08
to
"madhusrp" <madh...@discussions.microsoft.com> wrote in message
news:35FC91DD-2EF5-4D25...@microsoft.com...

> Could anyone suggest me an idea to encrypt the webconfig file's
> connection
> string in the framework 1.1.

Use any of the built-in methods in the System.Security.Cryptography
namespace:
http://msdn.microsoft.com/en-us/library/system.security.cryptography(VS.71).aspx

I'm curious as to why you need to do this...


--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Teemu Keiski

unread,
May 8, 2008, 4:09:33 PM5/8/08
to
Hi,

here's a walkthrough from "Building Secure ASP.NET Applications"

http://msdn.microsoft.com/en-us/library/aa302403.aspx#secnetht08_step3
How To: Use DPAPI (Machine Store) from ASP.NET 1.1

--
Teemu Keiski
AspInsider, ASP.NET MVP
http://blogs.aspadvice.com/joteke
http://teemukeiski.net


"madhusrp" <madh...@discussions.microsoft.com> wrote in message
news:35FC91DD-2EF5-4D25...@microsoft.com...

Mark Stevens

unread,
May 9, 2008, 3:19:51 AM5/9/08
to
On Thu, 8 May 2008 21:04:51 +0100, "Mark Rae [MVP]"
<ma...@markNOSPAMrae.net> wrote:

>I'm curious as to why you need to do this...

It is always prudent to encrypt sensitive information and connection
strings fall into this category. Given that MS have provided an API
and method of doing this they obviously feel the same way.

Cheers,
Mark
--
|\ _,,,---,,_ A picture used to be worth a
ZZZzzz /,`.-'`' -. ;-;;, thousand words - then along
|,4- ) )-,_. ,\ ( `'-' came television!
'---''(_/--' `-'\_)

Mark Stevens (mark at thepcsite fullstop co fullstop uk)

This message is provided "as is".

Mark Rae [MVP]

unread,
May 9, 2008, 5:55:47 AM5/9/08
to
"Mark Stevens" <ne...@nospam.nospam> wrote in message
news:aiu724948qaa812kp...@4ax.com...

>>I'm curious as to why you need to do this...
>
> It is always prudent to encrypt sensitive information and connection
> strings fall into this category.

Are you worried that someone might hack your server and steal a copy of
web.config? If so, then the file's contents are surely the least of your
worries...

> Given that MS have provided an API and method of doing this they
> obviously feel the same way.

The Cryptography namespace is not *just* for web.config - it can be used to
encrypt anything...

0 new messages