When connecting the ASP.net with a database. You will need to configure its database connection in the web.config file.
However exposing the sensitiive data like the password and user name in the web config file can bring big damage to your system when it being seen by unauthorized user.
In the ASP.net 2.0 this problem can solve by adding an encryption method. This encryption can be applied by normal without any programming background. To do this you will need the aspnet_regiis.exe a built in framework tool provided by Microsoft.
1. Open a windows command prompt.
2. Find and locate the aspnet_regiss.exe framework directory. The version number depends on the Microsoft.Net version in use.
Example : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
3. Once you have located the aspnet_regiis.exe. Run the command as below:
aspnet_regiis -pe “connectionStrings” -app “/TestSite” -prov “DataProtectionConfigurationProvider”
connectionStrings : -Element section need to be encrypted in the web.config file.
/TestSite : – For example purpose I’m using /TestSite as the virtual directory. Please change to your virtual site.
DataProtectionConfigurationProvider : – This is protection/encryption method selected. So far there are two method. DataProtectionConfigurationProvider & RSAProtectedConfigurationProvider. For this example I’m running the DataProtectionConfigurationProvider. You may go for the RSAProtectionConfigurationProvider method when you are running a web farm.
4. Open the web.config file. Depends on the element selected above. The system will encrypt this section in the configuration file.