Re: Windows App .NET 2.0: Encryption of Connection Strings

From: Henrik Skak Pedersen (someone_at_news.com)
Date: 11/12/05 

Date: Sat, 12 Nov 2005 11:32:03 +0100

Hello Dominick,

Thank you very much for your reply, that was just what I needed. I have a
some extra questions.

1) Which rights should the user have on the machine to be able to encrypt?
2) I have tried to run the code for different users on the machine and they
all seems to be able to decrypt the connection string, no matter which user
that have encrypted it. Is the section encrypted on a machine level?
3) I guess that I protect all kinds of configuration sections?
4) Can I use it on configurations save in isolated storage?
5) I guess that I also can use the RSAProtectedConfigurationProvider
provider. Would I ever have to use this provider in a Windows application?

Thanks

Henrik

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be6313561a8c7b5059deae6bf@news.microsoft.com...
> Hello Henrik,
>
> something like this:
>
> static void Main(string[] args)
> {
> Configuration config =
> ConfigurationManager.OpenExeConfiguration(...);
>
> Console.WriteLine(config.FilePath);
> ConnectionStringsSection s = config.ConnectionStrings;
>
> s.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
> s.SectionInformation.ForceSave = true;
>
> config.Save();
> }
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> I have found a lot of articles explaining how to encrypt configuration
>> strings in ASP.NET 2.0, but none explaining how to do it in Windows
>> Applications.
>>
>> I would like to encrypt the connection strings in an application which
>> I am deploying to multiple customers. The customer enter db-connection
>> information themselves and I have to encrypt it afterwards. I have to
>> support both trusted connections and sql authentication.
>>
>> Any ideas?
>>
>> Thanks
>>
>> Henrik Skak Pedersen
>>
>
>

Relevant Pages

  • Connection Strings app.config and encrypting
    ... I have a .Net 2.0 windows forms application where a user will supply a connection string for their database server during initial configuration. ... I can encrypt the data using the built in crypto classes in .Net, but the question comes in how can I securely store the keys used for encryption. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Connection Strings app.config and encrypting
    ... connection string for their database server during initial ... stored in the app.config file or whatever xml based configuration file I ... I can encrypt the data using the built in crypto classes in .Net, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Unable to create virtual directory from file
    ... the exported configuration file has never been encrypted -- you ... will always get a valid XML file for export. ... What "encrypt configuration ... I'm trying to export/import a virtual directory in IIS6 running on a Windows ...
    (microsoft.public.inetserver.iis)
  • Re: Encryption of Connection String
    ... Do you know what level of encryption IS applied to the connection string? ... > to the SQL Server via SQL authentication the password is only ... Thus you might have made all this effort to encrypt the ... > Authentication is always the preferred option unless you are using ...
    (microsoft.public.sqlserver.security)
  • ConnectionString encryption decryption
    ... Decrypt function used to encrypt and decrypt the connection string pass to ... at System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, ...
    (microsoft.public.dotnet.general)