I'm developing an MDI application with Visual Studio 2013 (.NET 4.5) and Oracle Developer Tools latest release. I need to create a main form that then will be the container for many different forms, each of which will be a different application.
The application have to connect to different Oracle databases and now I'm trying to set the main form to keep all the connection strings encrypted and possibly on a separate file. For now the connection string is only one.
To encrypt the connection string I've used the aspnet_regiis method described on those articles:
- Web Config Encryption/Decryption in Framework 4.0
- Encrypting Configuration Information Using Protected Configuration
To sum up:
I added to my app.config the <configProtectedData> section where I defined my own RSA provider and my key container because I need to export and import the keys on several machines. Then I created the key container and used it with the aspnet_regiis tool to encrypt the <connectionStrings> section.
I also set the <oracle.manageddataaccess.client> section for the TNS_ADMIN variable to use my own Oracle Instant Client and my custom tnsnames.ora file. This will help to avoid problems with different machine OSes and Oracle client versions and configurations.
So, now this is how my final app.config file should be:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
</configSections>
<oracle.manageddataaccess.client>
<version number="*">
<settings>
<setting name="TNS_ADMIN" value="D:\VSProjects\Visual Studio 2013\Projects\MDITest\MDITest\"/>
</settings>
</version>
</oracle.manageddataaccess.client>
<configProtectedData>
<providers>
<add name="OracleDeveloperRSAProtectedConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
keyContainerName="OracleDeveloperDbKeys"
description="Uses RsaCryptoServiceProvider to encrypt and decrypt" />
</providers>
</configProtectedData>
<connectionStrings configProtectionProvider="OracleDeveloperRSAProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>ZuB8jsXnXR/6Ww47R4Oc/ksSgHsrRuuOkNypbsdfm1ASDlvdsklsgfhtrwaADFHrywswvfhgnjlsGHSDJKFEROvfsd/TV+LKlysPkccEXmJFCcFZ7S9geSInPBaNvYGweR9FcTK1HVcrYMaddgfBK6lpSTTw6cdMRIOcw0Ib//oYPr34=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>01old8NrGlRAOLdfdtXUKYuBkZPY5XbWMI/j22Hnm8U=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
</configuration>
Now I need to use the Data Source Configuration Wizard to set up the Oracle Dataset and then be able to drag and drop tables from DataSource Explorer to the forms that automatically creates navigation buttons and keep relations between tables and so on.
But when I finish the configuration with the Wizard on a new application with the original app.config, it asks me to create a ConnectionString and stores it inside the app.config and then a copy is also placed inside the Settings.settings file, obviously in plain text.
If I do the above procedure to encrypt the <connectionStrings> section in the original app.config, then the DataSet.xsd works only if the ConnectionString setting is present inside the Settings.settings. It doesn't use the app.config parameter.
I tried to open the DataSet.Designer.cs file but there're Connection and ConnectionString parameters specified for each TableAdapter object and since there're many tables in my dataset, I'd like to avoid a find/replace approach... Also because if I need to make some changes to the dataset, then the DataSet.xsd file will probably be overwritten and so all the edits will be lost.
I want to know which is the best way to replace the connection string and use the encrypted one instead.
At last I'd also like to know if I can move my <connectionStrings> section to a different .config file while mantaining the encryption.
-- EDIT --
I've made some more tests recreating a new application project and Visual Studio seems smarter than I thought!
I added the first connection string to a blank app.config after using the Wizard to setup a new Data source. Then I edited the app.config and moved the <connectionStrings> section to a new connections.config file. I applied the aspnet_regiis method to encrypt the section and everything worked. But, since I could still can see the connection string in plain text inside the Settings.settings I decided to change the <CipherData> string to see if the application would throw an error or if it would work without problems. Very simply, if the application throws an error, then it's using the encrypted connection string (what I want - correct), otherwise it is using the plain text connection string on Settings.settings (what I don't want - not correct). Surprisingly the application throwed an exception!
It seems that the Settings.settings panel always shows the plain text connection strings just because it reads the app.config (and so connections.config too) and then apply an "on the fly" decryption. So that panel can be considered just like a simple view of the app.config that shows some parameters, even if they are encrypted.
In addition to that, I added a second Data source with another connection, again using the Wizard. The new connection was automatically added to the connections.config encrypted! I noticed it because the <CipherData> string was changed. Also the new connection was visible in plain text inside the Settings.settings. So I redid the same test as before by changing the string and the application throwed again an error.
So, finally, there's no need to re-encrypt the app.config file each time you add a new connection because it is automatically done! Great!
来源:https://stackoverflow.com/questions/26734610/how-to-use-encrypted-connection-string-on-app-config-with-dataset-xsd-generated