Encrypting Webconfig file values in .Net 1.1 Framework

**Mark Rae [MVP]** · Jun 27 '08, 08:05 PM

Re: Encrypting Webconfig file values in .Net 1.1 Framework

"madhusrp" <madhusrp@discu ssions.microsof t.comwrote in message
news:35FC91DD-2EF5-4D25-BF8C-DE085B798480@mi crosoft.com...

Could anyone suggest me an idea to encrypt the webconfig file's
connection
string in the framework 1.1.

Use any of the built-in methods in the System.Security .Cryptography
namespace:

System.Security.Cryptography Namespace

http://msdn.microsoft.com/en-us/library/system.security.cryptography(VS.71).aspx

Provides cryptographic services, including secure encoding and decoding of data, as well as many other operations, such as hashing, random number generation, and message authentication. For more information, see Cryptographic Services.

I'm curious as to why you need to do this...

--
Mark Rae
ASP.NET MVP

Mark Rae - JavaScript Disabled

http://www.markrae.net

**Teemu Keiski** · Jun 27 '08, 08:05 PM

Re: Encrypting Webconfig file values in .Net 1.1 Framework

Hi,

here's a walkthrough from "Building Secure ASP.NET Applications"

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

http://msdn.microsoft.com/en-us/library/aa302403.aspx#secnetht08_step3

How To: Use DPAPI (Machine Store) from ASP.NET 1.1

--
Teemu Keiski
AspInsider, ASP.NET MVP

http://blogs.aspadvice.com/joteke

http://teemukeiski.net

"madhusrp" <madhusrp@discu ssions.microsof t.comwrote in message
news:35FC91DD-2EF5-4D25-BF8C-DE085B798480@mi crosoft.com...

Hi,
Could anyone suggest me an idea to encrypt the webconfig file's
connection
string in the framework 1.1.
>
Thank you in Advance
--
Lets Learn and Make All Learn

**Mark Stevens** · Jun 27 '08, 08:05 PM

Re: Encrypting Webconfig file values in .Net 1.1 Framework

On Thu, 8 May 2008 21:04:51 +0100, "Mark Rae [MVP]"
<mark@markNOSPA Mrae.netwrote:

>I'm curious as to why you need to do this...

It is always prudent to encrypt sensitive information and connection
strings fall into this category. Given that MS have provided an API
and method of doing this they obviously feel the same way.

Cheers,
Mark
--
|\ _,,,---,,_ A picture used to be worth a
ZZZzzz /,`.-'`' -. ;-;;, thousand words - then along
|,4- ) )-,_. ,\ ( `'-' came television!
'---''(_/--' `-'\_)

Mark Stevens (mark at thepcsite fullstop co fullstop uk)

This message is provided "as is".

**Mark Rae [MVP]** · Jun 27 '08, 08:05 PM

Re: Encrypting Webconfig file values in .Net 1.1 Framework

"Mark Stevens" <nevyn@nospam.n ospamwrote in message
news:aiu724948q aa812kp9je80hea e448toi93@4ax.c om...

>>I'm curious as to why you need to do this...

>
It is always prudent to encrypt sensitive information and connection
strings fall into this category.

Are you worried that someone might hack your server and steal a copy of
web.config? If so, then the file's contents are surely the least of your
worries...

Given that MS have provided an API and method of doing this they
obviously feel the same way.

The Cryptography namespace is not *just* for web.config - it can be used to
encrypt anything...

--
Mark Rae
ASP.NET MVP

Mark Rae - JavaScript Disabled

http://www.markrae.net

Encrypting Webconfig file values in .Net 1.1 Framework

Encrypting Webconfig file values in .Net 1.1 Framework

Comment

Comment

Comment

Comment