Encrypt ConnectionString in entity framework (first code)

后端未结

关注

 3  1762

有刺的猬 2020-12-16 22:20

How can i protect my connection string? I want to use Entity framework 4.1 (first code) in C#, but it is important to me that other people can not see my Connection String.<

3条回答

心在旅途 (楼主)

2020-12-16 22:58

You can arrest calls to the connection string from the Context Class (DBContext or IdentityDbContext if using ASPNET Identity) and modify the connection string returned. In my case, instead of encrypting the entire connection string, I chose to encrypt just the password. You can use the same approach to encrypt the entire connection string.

Note: The function (StringCipher.Decrypt) used to encrypt and decrypt came from this thread -> https://stackoverflow.com/a/1344255/1390025

Here is where you arrest the call to the connection string

        public YourDB()
        : base(GetSqlConnection("DefaultConnection"))
    {}

In the above scenario I'm getting the connection string from app.config or web.config. However, as per your request, you can encrypt the entire connection string and like the example below;

public YourDB()
        : base(StringCipher.Decrypt("your-encrypted-connection-string", "passphrase-used-to-encrypt"))
    {}

In the scenario where only the password is encrypted, the function below replaces the encrypted password with plain text and returns the connection string;

        public static string GetSqlConnection(string connectionStringName = "DefaultConnection")
    {
        // optionally defaults to "DefaultConnection" if no connection string name is inputted
        string connectionString = ConfigurationManager.ConnectionStrings[connectionStringName].ConnectionString;
        string passPhrase = "passphrase-used-to-encrypt";
        // decrypt password
        string password = get_prase_after_word(connectionString, "password=", ";");
        connectionString = connectionString.Replace(password, StringCipher.Decrypt(password, passPhrase));
        return connectionString;
    }

The function used to parse the password from the connection string

        public static string get_prase_after_word(string search_string_in, string word_before_in, string word_after_in)
    {
        int myStartPos = 0;
        string myWorkString = "";

        // get position where phrase "word_before_in" ends

        if (!string.IsNullOrEmpty(word_before_in))
        {
            myStartPos = search_string_in.ToLower().IndexOf(word_before_in) + word_before_in.Length;

            // extract remaining text
            myWorkString = search_string_in.Substring(myStartPos, search_string_in.Length - myStartPos).Trim();

            if (!string.IsNullOrEmpty(word_after_in))
            {
                // get position where phrase starts in the working string
                myWorkString = myWorkString.Substring(0, myWorkString.IndexOf(word_after_in)).Trim();

            }
        }
        else
        {
            myWorkString = string.Empty;
        }
        return myWorkString.Trim();
    }

0 讨论(0)

查看其它3个回答