Encrypting the connection string in web.config file in C#

Question

I have written the name of my database, username and password in my web.config file as connection string.

I want to encrypt this data. How can I do it?<

Answer 1

You can just use the apnet_regiis tool to do that ,just do

C:\WINDOWS\Microsoft.Net\Framework(64)\(.Net version)\aspnet_regiis -pe "connectionStrings" 

for a specific application you can use the app argument -app application name, and for a specific site you can also use the site argument "-site site id".

For more details see http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx.

Note that this works for a web application only and not for a windows application.

Also note that you have to run it from a command prompt with elevated privileges ("run as administrator").

Answer 2

I one particular application, I call the following routine on startup:

Private Sub CheckConfigFile()
    Dim config As System.Configuration.Configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
    Dim sec As ConfigurationSection = config.AppSettings

    If sec IsNot Nothing Then
        If sec.SectionInformation.IsProtected = False Then
            Debug.Write("Encrypting the application settings...")
            sec.SectionInformation.ProtectSection(String.Empty)
            sec.SectionInformation.ForceSave = True
            config.Save(ConfigurationSaveMode.Full)
            Debug.WriteLine("done!")
        End If
    End If
End Sub