syntaxhelp.com Your online cheat sheet!

Storing Connection String in web.config

 
<configuration>
<appSettings />
  <connectionStrings>
    <add name="SqlCon" connectionString="Server=vhimabindu; Database=dnndb; User ID=sa; password= ; "
      providerName="System.Data.SqlClient" />
  </connectionStrings>

Importing required namespaces

 
using System.Configuration; //For configuration
using System.Web.Configuration; //WebConfiguration Manager
using System.Data.SqlClient; //Accessing connection string 

Encrypting Connection String in web.config

 
     //Method for Encrypting ConnectionStrings and modifys Web.config accordingly
        public void EncryptConnString()
        {
            Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
            ConfigurationSection section = config.GetSection("connectionStrings");
            if (!section.SectionInformation.IsProtected)
            {
           // Replace RsaProtectedConfigurationProvider with DataProtectionConfigurationProvider 
           // in Inorder DPAPI to Encrypt or Decrypt the data
           // section .SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
                section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
                config.Save();
            }
        }

Decrypting Connection String in web.config

 
  //Method for decrypting ConnectionStrings and modifys Web.Config accordingly.
        public void DecryptConnString()
        {
            Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
            ConfigurationSection section = config.GetSection("connectionStrings");
            if (section.SectionInformation.IsProtected)
            {
                section.SectionInformation.UnprotectSection();
                config.Save();
            }
        }
 

Access Connection String from code behind

 
using System.Configuration; //for Configuration Manager
  //Accessing connection Sting as usual if encrypted too
 SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["SqlCon"].ConnectionString);

Output - Web.config after Encryption

 
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
      xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>            <CipherValue>LX97jz2pTSaMkw0QkHF7Gf3+uVQw
Nh0D9K31B0Yw43ayWFOYvlIoLOL0zIpZFmfj1EC8z4eo6
5DekOp36e6TQuZUR0y6f1DIl0RLcf5vd2v1buWo5KKEYe
wYXd+oqP80j+lZbl7WsuY5pkRxfUY6UPXyELo+Xow2NEm
k0GPvbz0=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>        <CipherValue>eN/mRoS0mGBbiiPud7iuyTHe3oEJtXn
H1qWooQpoM3SJSIkPwKyxysk4dCQTSbtaG9LQlX3fYZMvr
EDLxE0egw0fHsugNJtFdrvfXmIfgeKBkoyf2fVfENRx1/iBD+
GvBfRVW4Z+2STnpixLkJblxsi82/wazl0UO2D8/y+YRk38P5
cfmrCYVv83bG9oLXCmWSw+NBZnvRm+fFrOPUpuM1WfL9
OTct/YA1kZDAHa2iWUGeT4VyTX9W32H/Wu1wFbxWDPJiR
Hgkc=</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>

Encrypting web.config using aspnet_regiis.exe

 
aspnet_regiis.exe -pe "connectionStrings" -app "/WebAppVirtualPath" "prov "DataProtectionConfigurationProvider1"

Decrypting web.config using aspnet_regiis.exe

 
aspnet_regiis.exe -pd "connectionStrings" -app "/WebApplicationPath"