
Wednesday, 25 June 2014

Connection string encryption and decryption in C#

Encryption:
The following code encrypts the connection strings in the web.config file.
Call it from the page load event, or put it in a function of its own; when
that function is called, the connectionStrings section of Web.config is
encrypted. After encryption, the plain-text connection string is replaced
by an encrypted connection string that is not human readable.



    using System.Configuration;
    using System.Web.Configuration;

    // Encrypts the connectionStrings section of this application's web.config.
    public void EncryptConnectionString()
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection configSection =
            config.GetSection("connectionStrings");

        // Only encrypt when the section is still plain text.
        if (!configSection.SectionInformation.IsProtected)
        {
            configSection.SectionInformation
                .ProtectSection("DataProtectionConfigurationProvider");
            config.Save();
            Response.Write("ConnectionStrings encrypted successfully.");
        }
        else
        {
            Response.Write("ConnectionStrings has been encrypted, this action has been cancelled");
        }
    }


In the above code, when EncryptConnectionString() is called, I first specify the part of the web.config file that I want to encrypt, i.e. "connectionStrings". Then, in if (!configSection.SectionInformation.IsProtected), I check whether the connection string is already encrypted; if it is not, I replace the plain-text connection string with the encrypted connection string (plain text to cipher text). config.Save(); saves the web.config file. If the if condition fails, the connection string is already encrypted.

Decryption:
The following code decrypts the connection strings in the web.config file. Call it from the page load event, or put it in a function of its own; when that function is called, the connectionStrings section of Web.config is updated with the decrypted connection strings, i.e. from cipher text to plain text, which is user readable.

    public void DecryptConnectionString()
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection("connectionStrings");

        // Only decrypt when the section is currently encrypted.
        if (section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }

In the above code, when DecryptConnectionString() is called, I first specify the part of the web.config file that I want to decrypt, i.e. "connectionStrings". Then, in if (section.SectionInformation.IsProtected), I check whether the connection string is encrypted; if it is, I replace the encrypted connection string with the plain-text connection string (cipher text to plain text). config.Save(); saves the web.config file.

Following are the two ways of encryption; currently I used the second approach. To use the first approach, just change the function call from ProtectSection("DataProtectionConfigurationProvider") to ProtectSection("RsaProtectedConfigurationProvider").

1) RsaProtectedConfigurationProvider: This is the default provider and uses the RSA public key encryption algorithm to encrypt and decrypt data.
2) DataProtectionConfigurationProvider: This provider uses the Windows Data Protection Application Programming Interface (DPAPI) to encrypt and decrypt data.

Another approach for encryption:
For encryption you can also use the following command. Open the Visual Studio command prompt as an administrator and run the command:

    aspnet_regiis.exe -pe "connectionStrings" -app "/ProjectName"

Note: Please run Visual Studio as administrator.
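One way to confirm that the encryption step described above has actually been applied to a web.config file, written here as an added Python example that is not part of the original post: it looks for the configProtectionProvider attribute and CipherValue element that a protected section carries, and otherwise lists entries that still hold a password in plain text. The sample configurations, connection names and cipher text are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Keys that usually carry a secret inside a connection string.
SECRET_KEYS = re.compile(r"(?i)\b(password|pwd)\s*=")

# Constructed sample inputs; names, values and cipher text are made up.
PLAIN = """<configuration><connectionStrings>
  <add name="AppDb" connectionString="Server=db01;User Id=app;Password=EXAMPLE-ONLY" />
  <add name="ReportsDb" connectionString="Server=db01;Integrated Security=True" />
</connectionStrings></configuration>"""
PROTECTED = """<configuration>
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData><CipherData>
      <CipherValue>Q09OU1RSVUNURUQ=</CipherValue>
    </CipherData></EncryptedData>
  </connectionStrings>
</configuration>"""

def local(tag):
    """Drop any XML namespace so namespace-qualified EncryptedData still matches."""
    return tag.rsplit("}", 1)[-1]

def audit_connection_strings(web_config_xml):
    """Return (status, detail) for the connectionStrings section of a web.config."""
    root = ET.fromstring(web_config_xml)
    section = next((e for e in root.iter() if local(e.tag) == "connectionStrings"), None)
    if section is None:
        return ("absent", None)
    if section.get("configSource"):
        # The section lives in another file; audit that file instead.
        return ("external", section.get("configSource"))
    provider = section.get("configProtectionProvider")
    has_cipher = any(local(e.tag) == "CipherValue" and (e.text or "").strip()
                     for e in section.iter())
    if provider and has_cipher:
        return ("protected", provider)
    # Not protected: list the entries that embed a password in plain text.
    exposed = [e.get("name") for e in section
               if local(e.tag) == "add"
               and SECRET_KEYS.search(e.get("connectionString", ""))]
    return ("plaintext-with-credentials", exposed) if exposed else ("plaintext", [])

if __name__ == "__main__":
    for label, xml_text in (("plain", PLAIN), ("protected", PROTECTED)):
        print(label, audit_connection_strings(xml_text))
```

Run against each deployed web.config after calling EncryptConnectionString() or aspnet_regiis.exe; any status other than "protected" means the section is still readable on disk or is stored in another file.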
