Login or Sign Up to become a member!

EXPERTS, INFORMATION, IDEAS & KNOWLEDGE

Social bookmarker Add this

ASP.NET: Encrypt your applications settings

From Wiki

Jump to: navigation, search

Summary: Encrypt your connections strings and application settings in code

You can encrypt the appSettings and connectionStrings sections of your web.config file via code when your application first starts. To do this, create a file named "global.asax" in your root directory and add this code to it:

vbnetLine number On/Off | Show/Hide | Select all
  1. <%@ Application Language="VB" %>  
  2. <%@ Import Namespace="System.Configuration" %>  
  3. <%@ Import Namespace="System.Web.Configuration" %>  
  4.  
  5. <script runat="server">  
  6.  
  7. Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
  8.     ' Code that runs on application startup  
  9.  
  10.     ' Get the file path  
  11.     Dim path As String = HttpContext.Current.Request.CurrentExecutionFilePath
  12.     path = path.Substring(0, path.LastIndexOf("/"))
  13.  
  14.     ' Get the appSetting and connectionStrings sections  
  15.     Dim config As System.Configuration.Configuration = WebConfigurationManager.OpenWebConfiguration(path)
  16.     Dim appSettings As ConfigurationSection = config.GetSection("appSettings")
  17.     Dim connectionSettings As ConfigurationSection = config.GetSection("connectionStrings")
  18.  
  19.     ' Encrypt the appSettings and connectionStrings sections if they are not already protected  
  20.     If appSettings.SectionInformation.IsProtected = False Then
  21.         appSettings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
  22.         ' To unprotect this section, use:  
  23.         'appSettings.SectionInformation.UnprotectSection()  
  24.     End If
  25.     If connectionSettings.SectionInformation.IsProtected = False Then
  26.         connectionSettings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
  27.         ' To unprotect this section, use:  
  28.         'connectionSettings.SectionInformation.UnprotectSection()  
  29.     End If
  30.  
  31.     Try
  32.         config.Save()
  33.     Catch ex As Exception
  34.         ' If an error occurs, it is most likely a permissions error  
  35.         ' so make sure the ASP.NET process account has write permissions for the web.config file  
  36.     End Try
  37. End Sub
  38.  
  39. Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
  40.     ' Code that runs on application shutdown  
  41. End Sub
  42.  
  43. Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
  44.     ' Code that runs when an unhandled error occurs  
  45. End Sub
  46.  
  47. Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
  48.     ' Code that runs when a new session is started  
  49. End Sub
  50.  
  51. Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
  52.     ' Code that runs when a session ends.  
  53.     ' Note: The Session_End event is raised only when the sessionstate mode  
  54.     ' is set to InProc in the Web.config file. If session mode is set to StateServer  
  55.     ' or SQLServer, the event is not raised.  
  56. End Sub
  57.  
  58. </script>


This Hack is part of the ASP.NET Hacks collection

428 Rating: 3.0/5 (2 votes cast)

Retrieved from "http://wiki.lessthandot.com/index.php/ASP.NET:_Encrypt_your_applications_settings"

Tools


RssFeeds

Blogs


Become a blogger

Statistics


Top 10 rated users for the last 7 days

User Ratings
SQLDenis32
chrissie117
ca8msm10
ZmrAbdulla4
onpnt3
damber3
ptheriault3
gmmastros3
tarwn1
AlexCuse1

Links



With Thanks To...


Powered by MediaWiki GNU Free Documentation License 1.2
Valid XHTML | Valid CSS