Encrypt and Decrypt Connection Strings in Web Config

Introduction:

Today in this article, I will explain how we can encrypt and secure our connection string in web config file. This post provides a basic reference on how basic protection can be achieved using the aspnet_regiis.exe tool, by default installed with .Net Framework.

So it is always recommended to encrypt the connection string of your application because the data we have here is highly sensitive. It must be secured. Here I am going to show you a demo of how we can do that,

Follow these instructions in order to implement “Encrypt and Decrypt Connection Strings in Web.config Using aspnet_regiis.exe”

Plain Connection String in Web.config file before encryption.

Below screenshot shows the plain connection string before encryption

Open Developer Command Prompt.

You will need to open Developer Command Prompt from Start Menu > Microsoft Visual Studio 2013 > Common7 > Tools > Shortcuts

Note: You must be log in as Administrator and right click Developer command prompt Prompt and select Run as Administrator.

Note: In this Article, I explain the process using Microsoft Visual Studio 2013. This process is same for the other versions. The only difference will be that you need to open Visual Studio Command Prompt from the folder of their respective version of Visual Studio installed on your computer.

Encrypting the Connection String in Web.Config using aspnet_regiis.exe tool.

For encrypt the connection string in the Web.config file, you will need to use the aspnet_regiis.exe tool.

Syntax:

aspnet_regiis.exe -pef "connectionStrings" "<Path of the Folder containing the Web.Config file>"

This command requires 3 arguments:

  1. –pef: It represents the action to be performed. In order to perform Encryption, the parameter value is -pef.
  2. connectionStrings: It represents section of the Web.Config file to be encrypted. For this case, the value will be connectionStrings.
  3. Path of Folder: Here we need to provide the path of folder that containing the Web.config file

Example:

aspnet_regiis.exe -pef  "connectionStrings" "D:\My Project\Testwebsite"

Above command will encrypt the all the Connection Strings in the connectionStrings section of Web.Config file.

Connection String in Web.config file after Encryption

Access the Encrypted Connection String in Code behind

Asp.net will automatically decrypt the connection string when it is fetched in code behind, so you need to access the connection string in same way as you would be in a general way

public partial class _Default : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["con"].ConnectionString);
    protected void Page_Load(object sender, EventArgs e)
    {

    }
}

Decrypt the Connection String in Web.Config using aspnet_regiis.exe

For decrypting the ConnectionString section in the Web.Config file, we will need to use the aspnet_regiis.exe tool that was used for encryption.

Syntax:

aspnet_regiis.exe -pdf "connectionStrings" "<Path of the Folder containing the Web.Config file>"

This command requires 3 arguments:

  1. –pdf: It represents the action to be performed. In order to perform Decryption, the parameter value is -pdf.
  2. connectionStrings: It represents section of the Web.Config file to be decrypted. For this case, the value will be connectionStrings.
  3. Path of Folder: Here we need to provide the path of folder that containing the Web.config file

Example:

aspnet_regiis.exe -pdf  "connectionStrings" "D:\My Project\Testwebsite"

Above command will decrypt the all the Connection Strings in the connectionStrings section of Web.Config file.

Note: This decryption process is machine specific means, connectionStrings can be decrypted on the same machine where we perform encryption.

Theo: tutorialslink