Friday, 16 March 2012

Connection String Encryption

Problem
I would like to use Encryption in the connection string of the App.config file.

Impact
It will improve the security of the connection string section defined in the App.config.

Solution
You can use the following code to achieve the encryption of your connection string:


        public void EncryptDecrypt(bool protect)
        {
            richTextBox1.Text = "";

            // Define the Dpapi provider name.

            string strProvider = (radioButton1.Checked) ? "DataProtectionConfigurationProvider" : "RSAProtectedConfigurationProvider";

            string exePath = System.Windows.Forms.Application.ExecutablePath;

            try
            {
                // Open the configuration file and retrieve
                // the connectionStrings section.
 

                // For Web!
                // myConfiguration = System.Web.Configuration.
                //                  WebConfigurationManager.OpenWebConfiguration("~");
 

                // For Windows!
                // Takes the executable file name without the config extension.

                System.Configuration.Configuration myConfiguration = System.Configuration.ConfigurationManager.OpenExeConfiguration(exePath);
 

                System.Configuration.ConnectionStringsSection mySection = myConfiguration.GetSection("connectionStrings") as System.Configuration.ConnectionStringsSection;
 

                if (myConfiguration != null)
                {
                    mySection = myConfiguration.GetSection("connectionStrings") as
                        System.Configuration.ConnectionStringsSection;


                    if (mySection != null
                        && !mySection.IsReadOnly()
                        && !mySection.SectionInformation.IsProtected
                        && !mySection.SectionInformation.IsLocked
                        && protect)
                    {

                        // Encrypt the section.
                        mySection.SectionInformation.ProtectSection(strProvider);

                        // Indicates whether the associated configuration section
                        // will be saved even if it has not been modified.
                        mySection.SectionInformation.ForceSave = true;

                        // Save the current configuration.
                        myConfiguration.Save(ConfigurationSaveMode.Full);
                    }
                    else
                    {

                        // Remove encryption.
                        mySection.SectionInformation.UnprotectSection();

                        // Indicates whether the associated configuration section
                        // will be saved even if it has not been modified.
                        mySection.SectionInformation.ForceSave = true;

                        // Save the current configuration.
                        myConfiguration.Save(ConfigurationSaveMode.Full);
                     }
                }
            }

            catch (System.Exception ex)
            {
                throw (ex);
            }

            finally
            {
                GetConnectionString(exePath);
            }
        }

You can see the connection string using the following code:

public void GetConnectionString(string filePath)
        {
            StreamReader fileStream = new StreamReader(filePath + ".config");
            richTextBox1.Text = fileStream.ReadToEnd();
            fileStream.Close();
        }

1 comment:

  1. only working on Development machine but not working in other machine(end user machine)

    ReplyDelete