How To Encrypt ConnectionString for Entity Framework and Windows Forms
Question
I am writing a Windows Forms application for public distribution that utilizes a cloud database. I need to encrypt the connection string in the published app.config file. I am using Entity Framework and .net 4.5 for this project. From what I've read (and it may be wrong), EF does not automatically decrypt connection strings. How do I accomplish that?
2 answers
solution1
0 2013-10-01 21:05:29
You should use Windows authentication. If you give the users an encrypted connection string and expect them to pass it back unencrypted then you have to give them the means to decrypt basically the public key which is a security no no. You may be able to encrypt the string in the file and have the application pass it up to a WCF or REST service that holds the private key, decrypts, establishes connection to the database, and makes the query to the database. But that still makes the encrypted value as good as a password. This is why you need to use windows authentication so the user can provide his credentials and you authorize them. That way you can control who is accessing the database and the user is the only person with access to their password (theoretically anyhow).
This is also why ASP.Net has this functionality and WinForm apps don't ASP.Net apps run in a controlled server environment where they can have access to a private key without sharing it with the world.
solution2
-2 2013-10-02 10:52:41
To expand on my comments to make it an answer, you can use aspnet_regiis . Rename your app.config to web.config, then follow the steps described in
Encrypting sections and-or settings in an App.config file that will be redistributed
After it is done, rename the file back.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.