Re: Encrypted and Decrypted Conn String Programatically
- From: "Nobody" <nobody@xxxxxxx>
- Date: Fri, 24 Nov 2006 22:44:14 -0800
"Ranginald" <davidwank@xxxxxxxxx> wrote in message
news:1164435617.465122.222830@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If I encrypt it with aspnet_regiis on my local machine, how do I
decrypt it on the production (shared hosting server)? e.g. When is
"installation"?
I read a Iot about the topic before I posted and I thought I had to
have access to aspnet_regiis on the remote machine in order to use
aspnet_regiis....something about copying the keys to the remote server.
If I encrypt it locally as you say using aspnet_regiis, do I use RSA or
DPAPI?
Thanks,
David
(nice use of "automagically")
"Ranginald" <davidwank@xxxxxxxxx> wrote in message
news:1164434208.185842.26310@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a question about encrypting connection strings in an asp.net 2.0
app in a shared hosting environment. From what I have read, I believe
I need to programatically encrypt and decrypt the conn string because I
do not have access to run aspnet_regiis on the remote machine.
My question is where to do I put the code?
Do I first encrypt the connection string on page_load, and then every
time I need to access the database decrypt the code? How do I start
with the conn string encoded, and then decrypt it only when needed.
There is a great sample by David Hayden and I understand the concept, I
just don't know where to "put" everything.
(http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx)
Thanks in advance!
-David
You have aspnet_regiis on every machine that has the .net framework
installed.
You don't need to encrypt & decrypt programatically as that happens
automagically by the framework. Just encrypt it once during installation
with aspnet_regiis and forget about it.
You can't encrypt the web.config during development and ship that one
because its specific to a machines private keys.
I meant: you run aspnet_regiis on the server as part of the process of
"copying the website over to the production server". Once you've copied
everything over to your production server you run aspnet_regiis ON THE
SERVER and the web.config is encrypted using that machines private keys, so
it wont be able to be read on any other machine.
You should be putting your connection strings in the
"connectionStrings" section in your web.config. Now, in your code, when you
want to access it, you access it like so:
SqlConnection sqlCon = new
SqlConnection(ConfigurationManager.ConnectionStrings["cstrDatabase"].ToString());
thats it... no encryption, decryption is necessary on your part as it all
happens "automagically"... of course as I said earlier, if you copy an
encrypted web.config to another machine, it will no longer work. Its
encrypted per machine.
.
- Follow-Ups:
- Re: Encrypted and Decrypted Conn String Programatically
- From: Ranginald
- Re: Encrypted and Decrypted Conn String Programatically
- References:
- Encrypted and Decrypted Conn String Programatically
- From: Ranginald
- Re: Encrypted and Decrypted Conn String Programatically
- From: Nobody
- Re: Encrypted and Decrypted Conn String Programatically
- From: Ranginald
- Encrypted and Decrypted Conn String Programatically
- Prev by Date: Re: Encrypted and Decrypted Conn String Programatically
- Next by Date: Session object in ASP.Net 2.0
- Previous by thread: Re: Encrypted and Decrypted Conn String Programatically
- Next by thread: Re: Encrypted and Decrypted Conn String Programatically
- Index(es):
Relevant Pages
|
