I want to keep encrypted connection string and stmp information in the web.config.
can I store Connection String and SMTP information in web.config encrypted and where I need just decrypted and use?
OR
What is the point/event where i can encrypt the Connection String and SMTP and save in the web.config? (and if the changes happen in web.config in that, is existing session expired?)
What is the best solution?
Thanks
It's easy to do with aspnet_regiis.exe- look at the pe/pd/pef and pdf options. You can also do it programmatically. It works by encrypting a specific configuration section. In your case that is the connectionStrings and smtp sections.
You can use either DPAPI or RSA and you can encrypt on either a machine wide basis or on a specific user account.
Related
In web.config we store connection string like:
connectionString="Server=serverName;Database=dbName;Username=xyz;Password=xyz"
But everytime, server name keeps on changing...i mean many times Database is shifted from one server to another. So all the time we need to change connection string in all apllications
Is is possible to store server name in machine.config file and other part of connection string i.e. Database name, username, password in web.config file?
If possible How?...
Can we add something like "key"?
You could store the connection string directly in the machine.config
Here's a thread discussing that option: Storing connection strings in machine.config vs storing them in web.config
I have an ASP.NET page that uses the MySQL.NET library to access a MySQL DB on the server. My question is about storing the connection string in the web.config. The MySQL.NET connection string looks like:
"server=localhost;user=user;database=db;password=pw"
I have to assume having the pw in the web.config as plain text isn't a good thing. What are my options to getting around this?
You can encrypt the connection string in your web.config.
For more information : Securing Connection Strings
You can encrypt Web.config using "Protected Configuration". See here on MSDN for a full overview of the process:
http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx
private string conString = "Data Source=173.56.33.6;Database=musicapp;User ID=guest;Password=guest";
I was working on local database at that time my application was successfully interacting with mysql database.when put the database on server, my application still taking the old connection string and data is stored in local database and not on server.
what is wrong?
I'd remove hard coded connection strings all together. There is a dedicated section of your config file for this very purpose:
<connectionStrings>
<add name="MusicApp" connectionString="Data Source=173.56.33.6;Database=musicapp;User ID=guest;Password=guest;" />
</connectionStrings>
Which you can then read out:
string connection = ConfigurationManager.ConnectionStrings["MusicApp"].ConnectionString;
I think your problem is that you have the connection string hard-coded in your code (as a private string that you show above). A much better way is to store it in the config file, use Settings in VS and select ConnectionString as type.
Make sure whether you updated your connection string when you transfered your DB to server. In any case it is best to store connection string in web.config, so that you can modify it when ever your db is changed or transferred to another location. This change in connection string in your web.config wouldn't require you to rebuild your application. Although if your connection string is hard-coded in code, then you would require to rebuild your application when ever you change the connection string.
if Data Source=173.56.33.6; is the location of your server database try this instead Data Source=\173.56.33.6;
Is it possible to have both encypted and unencrypted connection strings in the same web.config?
I don't believe that you can encrypt an individual connection string as part of the ConnectionStrings section. This is because ConfigurationElement objects (ConnectionStringSetting derives from) has an ElementInformation Property which does not have a Protect method. A ConfigurationSection has a SectionInformation Property which does have a Protect method, ConnectionStringsSection inherits from ConfigurationSection.
So, with that said, you can encrypt a ConnectionStringsSection, but not a ConnectionStringSetting.
However, all is not lost. You do have the ability to create your sections/elements to maintain your non-encrypted (or encrytped depending on which way you want to go) connection strings. You just won't be able access them using the WebConfigurationManager's ConnectionStrings Property.
i have a website built in asp.net connecting to a sql 2000 db. within my web.config file, i have a connection string referencing a DSN. in order for my db connection to work i have to include the username and password within the string. for security reasons, is there any way to connect to my db without displaying the username and password. maybe a method to encrypt the information?? the trusted connection string method did not work for me.
current method
Data Source=myServerAddress;Initial Catalog=myDataBase;User Id=myUsername;Password=myPassword;
trusted method (did not work in my server environment)
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
You can encrypt connection strings in your web.config file.
See How To: Secure Connection Strings When Using Data Source Controls on MSDN.
For MySQL with port number
<add name="constring" connectionString="Server=localhost;Uid=root;Database=databasename;Port=3306;" providerName="MySql.Data.MySqlClient"/>