|
|
| Your Link here @20$ | Free Dedicated Rapidshare Premium Account | Your Link here @20$ | Join NFO Competition |
|
 |
||||||||
| Notices |
  |
|
|
LinkBack | Thread Tools | Display Modes |
05-23-2008, 07:08 AM
|
#1 |
 
|
Encrypt Connection String in Web.Config
This article is to give an idea how we can achieve security in web.config file, its a basic practice to store our Database connection string in web.config file. This avoids hard coding and you can always change as and when required but the problem is anybody who has access to solution can see the user name and passwords of the database and can be changed. To avoid this kind of problem Microsoft provides a tool called aspnet_setreg.exe this will help us to encrypt connection string or any other information you want to be secured.
Aspnet_setreg.exe is tool which will create an encrypted registry entry for your values; you can encrypt any of the web.config key values using this tool. How to do? For example your database connection string is DSN=test;uid=test;pwd=test; like this then you web.config entry would be. Code:
1. </p> 2. <p><configuration><br /> 3. <appSettings><br /> 4. <add key=” DSN=test;uid=test;pwd=test” /><br /> 5. </aapSetting><br /> 6. </configuration></p> 7. <p> Now we will see how to use aspnet_setreg.exe. First of all you need to create a registry entry using aspnet_setreg.exe Example to create: aspnet_setreg.exe -k:SOFTWARE\Your_Service\SessionState -c:sqlConnectionString=”DSN=test;uid=test;pwd=test; ” After executing the above command, you can see a registry entry under LOCAL_MAHCINE\SOFTWARE\Your_Service\SessionState Now the entry in web.config should be like following <appSettings> <add key=”sqlConnectionString” value=”registry:HKLM\SOFTWARE\Your_Service\Session State\ASPNET_SETREG,sqlConnectionString” /> Getting back the Connection String Now we will see how to get the back the connection string in our project, now we are aware that our connection string encrypted and stored in the registry so to use the data retrieved from registry should be decrypted for that we need a third party free DLL called NCrypto, the source of this DLL you can download from the following location Code:
http://sourceforge.net/projects/ncrypto/ Sample code Code:
<br />
using NCrypto.Security.Cryptography;<br />
private string DecryptString()<br />
{<br />
string pConnectionString = ConfigurationSettings.AppSettings _<br />
["sqlConnectionString"]<br />
string sSqlConnectionString = null;<br />
try<br />
{</p>
<p>char[] cSeparators = {’:', ‘,’};<br />
byte[] registryBytes;<br />
//Split the value using : character<br />
string[] regKeyPath = pConnectionString.Split(cSeparators[0]);<br />
//Get the Registry Key path<br />
regKeyPath = regKeyPath[1].Split(cSeparators[1]);<br />
RegistryKey regkeyHive = Registry.LocalMachine;<br />
RegistryKey regKey = regkeyHive.OpenSubKey(regKeyPath[0].Replace(”HKLM\\”, “”));<br />
//get the encrypted value<br />
registryBytes = (byte[])regKey.GetValue(regKeyPath[1]);<br />
//Decrypt the value into Connection String<br />
sSqlConnectionString = Encoding.Unicode.GetString( _<br />
ProtectedData.Unprotect(registryBytes));<br />
sSqlConnectionString = sSqlConnectionString.Replace( _<br />
regKeyPath[1] + “=”, “”);<br />
}<br />
catch(Exception e)<br />
{</p>
<p>}<br />
return sSqlConnectionString;<br />
}<br />
|
  | |
|
    
|
| The Following User Says Thank You to hacks For This Useful Post: |
barnick (06-28-2008)
|
| Click here to Donate to remove the Adverts. | ||
|
|
||
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| SWF Encrypt 4.0.5 | KoOL | Guest Downloads | 0 | 11-21-2007 04:23 PM |
| How can I disable or otherwise change MIDI config... | Muttonman | Motherboards | 0 | 07-18-2007 05:16 PM |
| Linux Shell Script - how to split string into... | Jawapro | Linux and UNIX | 0 | 07-12-2007 09:18 AM |
| Please help wireless router config. without... | kaye7 | PC World | 0 | 07-01-2007 03:50 PM |
|
These are the 125 most used thread tags
Tag Cloud
|
| (2008) 0 1 1cd 2 3 3gp 4 7 10 2005 2006 2007 2008 2009 ac3 adobe advanced aio antivirus appz audio beta build business cd christmas collection complete converter crack desktop direct download dvd dvdrip dvdscr earth edition eng exclusive files final flash format free full game games genuine guide happy hdtv hosts hq incl internet joomla kaspersky keygen link links mac manager media microsoft mobile movie movies mp3 music network office original pack patch pc photo photoshop platinum player portable premium pro professional quality rapidshare reloaded rip rscom s60v3 security serial server smartmovie software songs sp1 speed studio subs subtitles suite tamil telugu template tm tools ultimate update utilities version video videos vista wallpapers web windows working world wwe x264 xp xvid | |
| New To AiO Forum? | Need Help? |
Linear Mode
