Friday, September 14, 2007

Web.Config Encryption and decryption

We are providing the connection strings in the web configuration file, in our connection string we are providing all the information of our database server like server name, user name, password etc. this information can be easily viewed by other users, so we required to encrpty that information.
I am providing a little code for encrytpion and decryption of web.config file.

In web config file my connection string is looks like



and my Encryption and Decryption function is

public void EncryptConfig(bool IsEncrypt)
{
string path = "/tipsandtrics";

// your application name

Configuration config = WebConfigurationManager.OpenWebConfiguration(path);
ConfigurationSection appSettings = config.GetSection("connectionStrings");

if (IsEncrypt)
{
appSettings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
}
else
{
appSettings.SectionInformation.ProtectionProvider.Name.ToString();
appSettings.SectionInformation.UnprotectSection();
}
config.Save();
}

now just call this function if you want to encrypt connection string like

EncryptConfig(true);

and for decryption

EncryptConfig(false);

that's it..

here i used "DataProtectionConfigurationProvider" encryption method, for more methods of encryption, please refer msdn site.

No comments:

Post a Comment