Encrypt ASP.net Database Password

When connecting the ASP.net with a database. You will need to configure its database connection in the web.config file.

However exposing the sensitiive data like the password and user name in the web config file can bring big damage to your system when it being seen by unauthorized user.

In the ASP.net 2.0 this problem can solve by adding an encryption method. This encryption can be applied by normal without any programming background. To do this you will need the aspnet_regiis.exe a built in framework tool provided by Microsoft.

Steps:

1. Open a windows command prompt.

2. Find and locate the aspnet_regiss.exe framework directory. The version number depends on the Microsoft.Net version in use.

Example : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

3. Once you have located the aspnet_regiis.exe. Run the command as below:

aspnet_regiis -pe “connectionStrings” -app “/TestSite” -prov “DataProtectionConfigurationProvider”

Where:

connectionStrings : -Element section need to be encrypted in the web.config file.

/TestSite : – For example purpose I’m using /TestSite as the virtual directory. Please change to your virtual site.

DataProtectionConfigurationProvider : – This is protection/encryption method selected. So far there are two method. DataProtectionConfigurationProvider & RSAProtectedConfigurationProvider. For this example I’m running the DataProtectionConfigurationProvider. You may go for the RSAProtectionConfigurationProvider method when you are running a web farm.

4. Open the web.config file. Depends on the element selected above. The system will encrypt this section in the configuration file.

Before Encryption:

After Encryption:

Advertisements

2 thoughts on “Encrypt ASP.net Database Password

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s