Articles → .NET → Encryption Of Connection String
Encryption Of Connection String
- RSAProtectedConfigurationProvider → This provider uses the RSA Public Key Encryption algorithm to encrypt and decrypt data.
- DataProtectionConfigurationProvider → This provider uses Windows Data Protection Application Programming Interface (DPAPI) to encrypt and decrypt data.
Sample web.config file
<connectionStrings><add name="test" connectionString="server=testserver;initial catalog=testdb;uid=aa;pwd=aa" providerName="System.Data.SqlClient" /></connectionStrings>
Rsaprotectedconfigurationprovider
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected) {
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
config.Save();
}
Output
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider"><EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><EncryptedKey
xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyName>Rsa Key</KeyName></KeyInfo><CipherData><CipherValue>t9XJlCDdLbWpT/WIlrsMjSGqjrgx7tFc3tUVn8NJv9ZEvZfT8SJTQK7Dt8BGuZsY72vx5n2LhOFCg6/0PZZH8dx90G4jq7J7WYatoxlAfGY8YyFHsNXSKTBjuynLJREx9jBYEkKiFMM3rG05Qb8VSdy9/7DdoNljtBo6RJWmKlE=</CipherValue></CipherData></EncryptedKey></KeyInfo><CipherData><CipherValue>RV6iiIkbwqK4aQossaivlW3nEU73t9aRzjcy4/RWlItL9eU361AsMgbCDR+ZhnBB3D1WTvMT7Pq73cO36ZUk+6qyq6KxYoIZx3+VjRaxT4Dpzz0W06wVZUB1madn9jWKq9iS8JgcGNauM4Aw8DsNWkifdQCZw4qCqULgLF33OiQtXHZQy7I2hTMXBeEW/X5bYEDNj0SkZEwKwqMZVpeqXguFoKk4FsGPK+lNdabAVIpUDCQs58C6LNmySuc20vNN</CipherValue></CipherData></EncryptedData></connectionStrings>
Dataprotectionconfigurationprovider
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected) {
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
config.Save();
}
Output
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider"><EncryptedData><CipherData><CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA0NdApUSEu0umGOiY4cUyogQAAAACAAAAAAADZgAAqAAAABAAAAAKz6tVcivUIVEnqMsFWqyzAAAAAASAAACgAAAAEAAAAEQ1f9bUizIIcXuoYkmjLI1oAQAA7++WWz3edCd8Z/qsISYaTjx+9ARo23sx7EE79Nb5gmikFM9XG8g7+uub5NByV2QKYmK0rivGNDR/4RimFsAcXDDBqdMMFZq6zDlzDHi8LyAWCxhNOyjp70oXPb+bZgAtjpUUTtVGBP0A2HfjkkrXFZD9blHo0nN9LC3RAW5WvG+qEWIML2m+8pV636j6ntcftLkFd7ZZCAc6O5WHmocSF5onff4CWWyjzA33HSHBFtFfpytFBRuDQptbalCvhl6XMMVfcISq+hyxAtHj3u1pJW7iX+Tz9Y7VUXDEIB+ouBJOft1ZFDQM1mZZLNFhCEF+2lGW6CawrwQT/usV343mTfEXq6ci04wUTTdYDVQ8sGmLJ6AC2owWrpHVrZnVxFs26OKYB7h3/wURNfsVElmgK7gP73zfhnKzjhCth5QvFGurWIPRfBbG+Wa9x4zBkCj4/7Ie9AyP95GFYdJB84WcdvQql40+6QHeFAAAAIP4PSJqCvZzoLTUhEssXIVl82Ay</CipherValue></CipherData></EncryptedData></connectionStrings>
To Decrypt Data
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section.SectionInformation.IsProtected) {
section.SectionInformation.UnprotectSection();
config.Save();
}