Encrypt web.config in ASP.NET

You can encrypt sections of a configuration file to protect sensitive information used by your application. This improves security: an attacker who obtains a copy of the configuration file still cannot read the protected sections without the key that encrypted them.

The .NET Framework includes two protected-configuration providers that can be used to encrypt sections of a configuration file:

· RsaProtectedConfigurationProvider, which uses the RSACryptoServiceProvider to encrypt configuration sections.

· DpapiProtectedConfigurationProvider, which uses the Windows Data Protection API (DPAPI) to encrypt configuration sections.

The unprotected app.config file

This is what the app.config file looks like when it is unprotected:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings>
    <add name="SampleSqlServer"
         connectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=SampleDatabase;" />
  </connectionStrings>
</configuration>

The protected app.config file

This is what the app.config file looks like when it is protected using the built-in .NET Framework 2.0 ConfigurationSection.SectionInformation.ProtectSection() functionality:

Using RsaProtectedConfigurationProvider
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>RSA Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>RXO/zmmy3sR0iOJoF4ooxkFxwelVYpT0riwP2mYpR3FU+r6BPfvsqb384pohivkyNY7Dm4lPgR2bE9F7k6TblLVJFvnQu7p7d/yjnhzgHwWKMqb0M0t0Y8DOwogkDDXFxs1UxIhtknc+2a7UGtGh6Di3N572qxdfmGfQc7ZbwNE=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>...</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>

Using DataProtectionConfigurationProvider

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
        <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAC604ocVBjE6iwNotzM4ZMQQAAAACAAAAAAADZgAAqAAAABAAAABWwjYy7bwZdDql3nImdFcfAAAAAASAAACgAAAAEAAAAK/xpOyKKzMSGwg/XsFAi/5gAQAAVOSKtGe5k21uyyxt35111auSE746lH5Ij8E1839D9e/eoFKvxCXFkBtlQD/sftjEGzfrmeTQQMMP2c5kWCGINH1N5NOReK+vOxZHQzkUJxn4D2fOxknLrprMvnRawhPmuqLcHC3iZTxWnxYL9pSGs3Gk9bEbhhFFNZN/0AvJ6OlqfvhpaI6zA1NIbS4MYcQ3lAsmupjE4deOB7ocTooJTWoToAxVJ0gC+hJnQ7ZwHiQLUIGmeaAs8nt7t8NJSWMhsFHbYzjpSGO4q8Iet1xsCnbxo5CH/N9mdC8SZ9Nz4XLt9TlmWJhjFIuCbv7YoqhI8895EQsOsQ9VumFaj1jIqNHMS8lWLcZULC7ZM1Yn/Dvhk+bNgaljLNRotdPeMIwLAbqVUY9kzeM1alVbFNkmC0uvApCli4lAq5n9rNyK5xktzxbA0QFRrI2W1A9ns3Y6g5Jcy9ztdEVfSbU+jGkvPBQAAACdTt+x46DXMgPiRLp9lMd36IFWsA==</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>

How this was done

In order to protect a section of the app.config file, we can use the ProtectSection() function to encrypt that portion of the file. There is no need to unprotect the section. We can still read the information from the section; the built-in configuration manager will automatically decrypt the cipher text.

// Requires a reference to System.Configuration.dll and "using System.Configuration;".
private void ProtectSection(string sectionName)
{
    // Open the app.config file.
    Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);

    // Get the section in the file.
    ConfigurationSection section = config.GetSection(sectionName);

    // If the section exists and is not read-only, protect it.
    if (section != null)
    {
        if (!section.IsReadOnly())
        {
            // Protect the section.
            section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
            section.SectionInformation.ForceSave = true;

            // Save the change.
            config.Save(ConfigurationSaveMode.Modified);
        }
    }
}

Getting the value

As stated above, there is no need to unprotect or decrypt the app.config file to get the value of the connection string; the decryption is handled by the .NET 2.0 framework. Simply open the app.config file and read the value of the connection string, like this:

// Open the app.config file.
Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);

// Display the current connection string.
txtConnString.Text = config.ConnectionStrings.ConnectionStrings["SampleSqlServer"].ConnectionString;
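The following is an added example, not code from the article: it ties the "How this was done" and "Getting the value" steps together in one console program that protects a section with either provider the article names, verifies on disk that the plaintext is really gone (the configuration API decrypts transparently, so it cannot be used for that check), reads the value back, and can reverse the protection. It assumes a console project with an app.config containing the connectionStrings section shown above and a reference to System.Configuration.dll; the class, method and argument names are the example's own.

```csharp
// Added example (not the article's code). Assumes an app.config with the
// "SampleSqlServer" connection string from the article and a reference to
// System.Configuration.dll.
using System;
using System.Configuration;
using System.Linq;
using System.Xml.Linq;

static class ConfigProtection
{
    // Provider names as registered in machine.config (both appear in the article).
    public const string RsaProvider = "RsaProtectedConfigurationProvider";
    public const string DpapiProvider = "DataProtectionConfigurationProvider";

    // Encrypts the named section in place. Returns true if the file was changed,
    // false if the section is missing, read-only, or already protected (idempotent).
    public static bool Protect(string sectionName, string providerName)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null || section.IsReadOnly() || section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.ProtectSection(providerName);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reverses Protect(). Needed, for example, before copying a DPAPI-protected
    // config to another machine, where its ciphertext cannot be decrypted.
    public static bool Unprotect(string sectionName)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null || !section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.UnprotectSection();
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Inspects the saved file as raw XML, bypassing ConfigurationManager (which
    // would decrypt for us), and confirms the section carries a provider attribute
    // and holds nothing but a single <EncryptedData> element.
    public static bool IsProtectedOnDisk(string sectionName)
    {
        string path = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None).FilePath;
        XElement section = XDocument.Load(path).Root.Element(sectionName);
        if (section == null)
            return false;

        bool hasProvider = section.Attribute("configProtectionProvider") != null;
        XElement[] children = section.Elements().ToArray();
        bool onlyEncryptedData = children.Length == 1 && children[0].Name.LocalName == "EncryptedData";
        return hasProvider && onlyEncryptedData;
    }

    // Reads through the configuration API exactly as the article does; the
    // framework decrypts the section transparently.
    public static string ReadConnectionString(string name)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConnectionStringSettings cs = config.ConnectionStrings.ConnectionStrings[name];
        return cs == null ? null : cs.ConnectionString;
    }

    static void Main(string[] args)
    {
        // "rsa" selects the RSA provider; anything else (or no argument) uses DPAPI.
        string provider = args.Length > 0 && args[0] == "rsa" ? RsaProvider : DpapiProvider;

        bool changed = Protect("connectionStrings", provider);
        Console.WriteLine("section encrypted by this run: " + changed);
        Console.WriteLine("only ciphertext on disk:       " + IsProtectedOnDisk("connectionStrings"));
        Console.WriteLine("read back through the API:     " + ReadConnectionString("SampleSqlServer"));

        if (args.Length > 1 && args[1] == "--unprotect")
            Console.WriteLine("section decrypted again:       " + Unprotect("connectionStrings"));
    }
}
```

Two practical points worth keeping in mind when running this: ConfigurationUserLevel.None opens the executable's own .config file (the copy in the build output folder, not the app.config in the project directory), so that is the file that gets rewritten; and the two providers differ in portability. DPAPI ciphertext can only be decrypted on the machine (and, with useMachineProtection="false", the user account) that produced it, so a DPAPI-protected file copied to another server is unreadable there, whereas RSA ciphertext decrypts wherever the same RSA key container is installed, which is what makes that provider the usual choice for configs deployed across a web farm.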
