Configuration file - encrypting connection string
Question
I'm trying to develop a C# Winform application, which connects to SQL database.
So far I was able to move the most sensitive data from my XML configuration file to an external XML configuration file, but that's it.
The last thing I have to do is to encrypt that file, as many people will have access to a directory in which application is located.
My main [APP] configuration file looks as follows:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
</configSections>
<connectionStrings configSource="conn_string.config"/>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
</startup>
</configuration>
And there is my [conn_string] external configuration file in which I'm trying to hide a connection string:
<?xml version="1.0" encoding="utf-8" ?>
<connectionStrings>
<add name="myConnectionStringName"
providerName="System.Data.SqlClient"
connectionString="Data Source=ServerName;Initial
Catalog=InitialDatabaseName;User=UserName;Password=MyPassword;Application Name=MyAppName" />
</connectionStrings>
Now when it comes to encryption I have read that asp-netregiis.exe is looking only for file named "web" so I temporarily renamed my "conn_string" file to "web"
And tried the encryption(via developer command line VS):
aspnet_regiis -pef "connectionStrings" "path_to_my_conn_string_file"
The result is: ~My translation
The web.config file doesn't contain a configuration tag
So I added one like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<add name="myConnectionStringName"
providerName="System.Data.SqlClient"
connectionString="Data Source=ServerName;Initial
Catalog=InitialDatabaseName;User=UserName;Password=MyPassword;Application Name=MyAppName" />
</connectionStrings>
</configuration>
Now it complains about: ~Again my translation
File format configSource must be an element conatining section name
1 answers
solution1
0 ACCPTED 2020-03-13 12:31:31
The steps you are taking that use aspnet_Regiis are really intended for web applications hosted in Internet Information Server (IIS). The file it is looking for is really "web.config." You mentioned that the app being constructed is a winforms application, which isn't a web application. Regular winforms applications are generally configured via a file called "app.config." Visual Studio may have created a base app.config for you depending on the version you're using.
You can "trick" aspnet_Regiis into encrypting your configuration file by temporarily renaming app.config to web.config, and then invoking aspnet_regiis with a flag that points to the exact path of our "phony" web.config:
For simplicity, let's say your initial app.config resides in c:\\MyPrograms\\MyApp.
- Rename app.config to web.config.
- From an administrative command prompt, set your current directory to c:\\windows\\micrsoft.net\\framework\\v4.0.30319
Invoke aspnet_regiis, using the "-pef" switch to instruct the tool to encrypt a particular section of your web.config:
aspnet_regiis -pef "connectionStrings" c:\\MyPrograms\\MyApp
If you see a "Succeeded" message, rename your web.config back to app.config, and run your application. .NET should decrypt your connection string automatically at runtime on that machine .
If you need to put this application on other machines, you may need to consider setting up a common encryption key that can be installed on other machines as well as define a provider in web.config that leverages that key. But for now, let's get the basic process working locally, and then worry about the other components once we know this part is working.
Hope this helps!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.