Encrypting the connection string in web.config file in C#

Question

I have written the name of my database, username and password in my web.config file as connection string.

I want to encrypt this data. How can I do it?

<connectionStrings>
  <add name="ISP_ConnectionString" connectionString="Data Source=JIGAR;
             Initial Catalog=ISP;Integrated Security=True;
             User ID=jigar;Password=jigar123;
             providerName="System.Data.SqlClient" />
</connectionStrings>

Answer 1

You can just use the apnet_regiis tool to do that ,just do

C:\WINDOWS\Microsoft.Net\Framework(64)\(.Net version)\aspnet_regiis -pe "connectionStrings" 

for a specific application you can use the app argument -app application name , and for a specific site you can also use the site argument "-site site id ".

For more details see http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx .

Note that this works for a web application only and not for a windows application.

Also note that you have to run it from a command prompt with elevated privileges ("run as administrator").

Answer 2

I one particular application, I call the following routine on startup:

Private Sub CheckConfigFile()
    Dim config As System.Configuration.Configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
    Dim sec As ConfigurationSection = config.AppSettings

    If sec IsNot Nothing Then
        If sec.SectionInformation.IsProtected = False Then
            Debug.Write("Encrypting the application settings...")
            sec.SectionInformation.ProtectSection(String.Empty)
            sec.SectionInformation.ForceSave = True
            config.Save(ConfigurationSaveMode.Full)
            Debug.WriteLine("done!")
        End If
    End If
End Sub