Encrypted & unencrypted connection strings in web.config? - asp.net

Is it possible to have both encypted and unencrypted connection strings in the same web.config?

I don't believe that you can encrypt an individual connection string as part of the ConnectionStrings section. This is because ConfigurationElement objects (ConnectionStringSetting derives from) has an ElementInformation Property which does not have a Protect method. A ConfigurationSection has a SectionInformation Property which does have a Protect method, ConnectionStringsSection inherits from ConfigurationSection.
So, with that said, you can encrypt a ConnectionStringsSection, but not a ConnectionStringSetting.
However, all is not lost. You do have the ability to create your sections/elements to maintain your non-encrypted (or encrytped depending on which way you want to go) connection strings. You just won't be able access them using the WebConfigurationManager's ConnectionStrings Property.

Related

Store database server name in machine.config file

In web.config we store connection string like:
connectionString="Server=serverName;Database=dbName;Username=xyz;Password=xyz"
But everytime, server name keeps on changing...i mean many times Database is shifted from one server to another. So all the time we need to change connection string in all apllications
Is is possible to store server name in machine.config file and other part of connection string i.e. Database name, username, password in web.config file?
If possible How?...
Can we add something like "key"?
You could store the connection string directly in the machine.config
Here's a thread discussing that option: Storing connection strings in machine.config vs storing them in web.config

ASP.NET MySQL.NET connection string

I have an ASP.NET page that uses the MySQL.NET library to access a MySQL DB on the server. My question is about storing the connection string in the web.config. The MySQL.NET connection string looks like:
"server=localhost;user=user;database=db;password=pw"
I have to assume having the pw in the web.config as plain text isn't a good thing. What are my options to getting around this?
You can encrypt the connection string in your web.config.
For more information : Securing Connection Strings
You can encrypt Web.config using "Protected Configuration". See here on MSDN for a full overview of the process:
http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx

Where in the MembershipProvider is set the connection string from the provider config?

I was wondering where in the MembershipProvider is set the connection string from the provider config ?
Example, i create my custom provider called CustomMembershipProvider.. in the web.config there is a setting for the connection string.. but where it is set in the provider ? how to retrieve it from the config ?
Thanks.
Your provider config should reference a connection string in the connectionstrings section. The base provider doesn't store the connectionstring, as it's specific to a particular provider (eg an XML provider won't have a connection string).
The default SQL providers show the connectionstring either. If you're creating a custom provider & want to know what connectionstring you're using you'll need to create a public property for the value then reference Membership.Provider & cast it to your custom provider type to access the property.

problem in connectionstring in asp.net

private string conString = "Data Source=173.56.33.6;Database=musicapp;User ID=guest;Password=guest";
I was working on local database at that time my application was successfully interacting with mysql database.when put the database on server, my application still taking the old connection string and data is stored in local database and not on server.
what is wrong?
I'd remove hard coded connection strings all together. There is a dedicated section of your config file for this very purpose:
<connectionStrings>
<add name="MusicApp" connectionString="Data Source=173.56.33.6;Database=musicapp;User ID=guest;Password=guest;" />
</connectionStrings>
Which you can then read out:
string connection = ConfigurationManager.ConnectionStrings["MusicApp"].ConnectionString;
I think your problem is that you have the connection string hard-coded in your code (as a private string that you show above). A much better way is to store it in the config file, use Settings in VS and select ConnectionString as type.
Make sure whether you updated your connection string when you transfered your DB to server. In any case it is best to store connection string in web.config, so that you can modify it when ever your db is changed or transferred to another location. This change in connection string in your web.config wouldn't require you to rebuild your application. Although if your connection string is hard-coded in code, then you would require to rebuild your application when ever you change the connection string.
if Data Source=173.56.33.6; is the location of your server database try this instead Data Source=\173.56.33.6;

Need Encrypted connection string and stmp information in the web.config

I want to keep encrypted connection string and stmp information in the web.config.
can I store Connection String and SMTP information in web.config encrypted and where I need just decrypted and use?
OR
What is the point/event where i can encrypt the Connection String and SMTP and save in the web.config? (and if the changes happen in web.config in that, is existing session expired?)
What is the best solution?
Thanks
It's easy to do with aspnet_regiis.exe- look at the pe/pd/pef and pdf options. You can also do it programmatically. It works by encrypting a specific configuration section. In your case that is the connectionStrings and smtp sections.
You can use either DPAPI or RSA and you can encrypt on either a machine wide basis or on a specific user account.

Resources