Web.config encryption/decryption

Posted by Akshay on Stack Overflow See other posts from Stack Overflow or by Akshay
Published on 2010-03-16T10:22:36Z Indexed on 2010/03/16 10:26 UTC
Read the original article Hit count: 336

Filed under:

web.config

|

c#

|

ASP.NET

In my applications we.config file I have a connection string stored. I encrypted it using

  '---open the web.config file
    Dim config As Configuration = _
       ConfigurationManager.OpenWebConfiguration( _
       Request.ApplicationPath)
    '---indicate the section to protect
    Dim section As ConfigurationSection = _
       config.Sections("connectionStrings")
    '---specify the protection provider
    section.SectionInformation.ProtectSection(protectionProvider)
    '---Apple the protection and update
    config.Save()

Now I can decrypt it using the code

   Dim config As Configuration = _
       ConfigurationManager.OpenWebConfiguration( _
       Request.ApplicationPath)
    Dim section As ConfigurationSection = _
       config.Sections("connectionStrings")
    section.SectionInformation.UnProtectSection()
    config.Save()

I want to know where is the key stored.
Also If somehow my web.config file is stolen, will it be possible for him/her to decrypt it using thhe code above.

© Stack Overflow or respective owner

Related posts about web.config

Child web.config can't clear <pages><controls> from parent web.config

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I "clear" the vendor defined <controls> in my child app's web.config? Parent Web Config. <system.web> <pages> <controls>  <add tagPrefix="asp" namespace="VENDOR.Web.UI.Base" assembly="System… >>> More
Configure Forms based authentication in SharePoint 2010

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Configuring form authentication is a straight forward task in SharePoint. Mostly public facing websites built on SharePoint requires form based authentication. Recently, one of the WCM implementation where I was included in the project team required registration system. Any internet user can… >>> More
Allowing creation/modification of virtual aliases using web.config

as seen on Server Fault - Search for 'Server Fault'
Hi, I've been given a problem to fix, and I initially thought of .htaccess files, except for one thing, I quickly realized it's an IIS server. Is it possible to allow a webmaster the ability to modify the virtual directories using web.config files in the same way you can using .htaccess files? … >>> More
SharePoint 2010 - Access denied during ApplyWebConfigModifications()

as seen on Stack Overflow - Search for 'Stack Overflow'
I have SharePoint 2010 installed on a Windows Server 2008 R2 machine which is also hosting SQL Sever 2008 R2. I am attempting to deploy a solution that includes web parts in the 2010 environment that is working fine in MOSS 2007. The Web Part feature has a feature receiver that updates the web.config… >>> More
Error in Encrypting web.config connection string

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi everybody, I am encrypting web.config file. My code is below. Configuration config = WebConfigurationManager.OpenWebConfiguration("~"); ConfigurationSection section = config.GetSection("connectionStrings"); if (!section.SectionInformation.IsProtected) { section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider"); … >>> More

Related posts about c#

.NET WebRequest.PreAuthenticate not quite what it sounds like

as seen on West-Wind - Search for 'West-Wind'
I’ve run into the problem a few times now: How to pre-authenticate .NET WebRequest calls doing an HTTP call to the server – essentially send authentication credentials on the very first request instead of waiting for a server challenge first? At first glance this sound like it should be easy:… >>> More
HttpWebRequest and Ignoring SSL Certificate Errors

as seen on West-Wind - Search for 'West-Wind'
Man I can't believe this. I'm still mucking around with OFX servers and it drives me absolutely crazy how some these servers are just so unbelievably misconfigured. I've recently hit three different 3 major brokerages which fail HTTP validation with bad or corrupt certificates at least according to… >>> More
The dynamic Type in C# Simplifies COM Member Access from Visual FoxPro

as seen on West-Wind - Search for 'West-Wind'
I’ve written quite a bit about Visual FoxPro interoperating with .NET in the past both for ASP.NET interacting with Visual FoxPro COM objects as well as Visual FoxPro calling into .NET code via COM Interop. COM Interop with Visual FoxPro has a number of problems but one of them at least got a lot… >>> More
Dynamic Type to do away with Reflection

as seen on West-Wind - Search for 'West-Wind'
The dynamic type in C# 4.0 is a welcome addition to the language. One thing I’ve been doing a lot with it is to remove explicit Reflection code that’s often necessary when you ‘dynamically’ need to walk and object hierarchy. In the past I’ve had a number of ReflectionUtils that used string based expressions… >>> More
Finding a Relative Path in .NET

as seen on West-Wind - Search for 'West-Wind'
Here’s a nice and simple path utility that I’ve needed in a number of applications: I need to find a relative path based on a base path. So if I’m working in a folder called c:\temp\templates\ and I want to find a relative path for c:\temp\templates\subdir\test.txt I want to receive back subdir\test… >>> More