Encrypt password in App.config

后端 未结 4 838
渐次进展
渐次进展 2020-11-27 04:21

I want to encrypt the password in connection string. When I make a connection to DB the connection string is openly stored in App.config and I need to find a way to keep onl

相关标签:
4条回答
  • 2020-11-27 04:35

    As an addition to the other answers, isn't it better to use the file in Source Control as a template, with just dev/test encrypted connection strings so that it works in dev/test.

    For production (or other environments the app is deployed to), the encrypted credentials file is generated separately to the specified template format, managed/updated/deployed separately, has appropriate security permissions applied, never seen by anyone other than DBA/DevOps.

    0 讨论(0)
  • 2020-11-27 04:37

    Lets say this is your connection string:

    <connectionStrings>
        <add name="cs" connectionString="Data Source=myServerAddress;Initial Catalog=myDataBase;User Id=myUsername;Password=XXSDFASFDKSFJDKLJFDWERIODFSDFHSDJHKJNFJKSD;"/>
    </connectionStrings>
    

    Then you can do something like this:

    string myCs = System.Configuration.ConfigurationManager.ConnectionStrings["cs"].ConnectionString;
    
    System.Data.SqlClient.SqlConnectionStringBuilder csb = new System.Data.SqlClient.SqlConnectionStringBuilder(myCs);
    csb.Password = EncDecHelper.Decrypt(csb.Password);
    myCs = csb.ToString();
    

    You can write EncDecHelper.Decrypt by using samples from here: Encrypt and decrypt a string

    0 讨论(0)
  • 2020-11-27 04:38

    Use the connectionStrings configuration section and encrypt the whole section - instead of just the password.

    This is safer as your app config will no longer have the server names and user names in plain text either.

    There are how-to documents for encrypting configuration sections on MSDN for RSA or DPAPI.

    0 讨论(0)
  • 2020-11-27 04:40

    Maybe decrypt connection string from your config before application was loaded.

    0 讨论(0)
提交回复
热议问题