Re: ASP.NET 2005 connection string

From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 4 Mar 2006 11:00:33 -0600

Another thing to consider is that it may not be important to encrypt the
connection string in this case. Since the conn string will be built
dynamically for each use based on the credentials they supplied during
login, the only really important info left in the "static" part of the conn
string in web.config would be the server name. Depending on your policies,
that info may or may not really be confidential.

If you do need to encrypt it, there are a bunch of options in .NET 2.0.

Joe K.

"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be631979f08c80d8bb0368058@xxxxxxxxxxxxxxxxxxxxx

web.config is the usual way to store stuff like that in ASP.NET

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hello. I've been programming in classic .asp and am looking into
moving towards asp.net 2005 which the modeling layout appears to be
different than what I've been used to. Should I put the connection
string to our SQL Server in the web.config file? I've been wrapping
my classic .asp apps with https to encrypt the connection string and
was wondering if I can do the same for asp.net 2005. Also, I need to
be able to have individual SQL usernames and passwords for the
connection string and not a hard coded generic account for auditing
purposes. Is this possible to say create a login screen to capture
the user's SQL login info and then pass these into the asp.net 2005
connection string which would be stored in the web.config file?...or
should the connection string be stored in a different global file
named something like 'dbconnection.aspx'?

Thanks in advance.

J

Follow-Ups:
- Re: ASP.NET 2005 connection string
  - From: John

References:
- ASP.NET 2005 connection string
  - From: John
- Re: ASP.NET 2005 connection string
  - From: Dominick Baier [DevelopMentor]

Prev by Date: Plz Help Needed! The type initializer threw an exception. ---> System.UnauthorizedAccessException: Access is denied
Next by Date: Re: Plz Help Needed! The type initializer threw an exception. ---> System.UnauthorizedAccessException: Access is denied
Previous by thread: Re: ASP.NET 2005 connection string
Next by thread: Re: ASP.NET 2005 connection string
Index(es):
- Date
- Thread

Relevant Pages

Re: Web.config encryption in shared hosting scenario
... I just begin to search for a solution because the customer does not allow ... like to encrypt the database connection string located in the web.config. ... I am connecting to the SQL ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: ASP.NET 2005 connection string
... their credentials once. ... variables as part of the dynamic connection string that's in the ... If you do need to encrypt it, there are a bunch of options in .NET 2.0. ... string to our SQL Server in the web.config file? ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Encryption of Connection String
... Do you know what level of encryption IS applied to the connection string? ... > to the SQL Server via SQL authentication the password is only ... Thus you might have made all this effort to encrypt the ... > Authentication is always the preferred option unless you are using ...
(microsoft.public.sqlserver.security)
ConnectionString encryption decryption
... Decrypt function used to encrypt and decrypt the connection string pass to ... at System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, ...
(microsoft.public.dotnet.general)
Re: Help Encrypting Connection String
... but I have to do it on SQL Server instead of SQL ... If I'm retrieving the connection string in my own code, ... > in 2.0 you can encrypt nearly all config section out of the box using the ... >> the config file, but .NET 2.0 has more options. ...
(microsoft.public.dotnet.framework.aspnet.security)