
Encrypting the connection string

Open web.config and add the following sample entries inside the <configuration> element, as shown below:

<configuration>
  <appSettings>
    <add key="var1" value="SomeValue"/>
  </appSettings>
  <connectionStrings>
    <add name="MyConnString"
         connectionString="Data Source=(local);Initial Catalog=Northwind;Integrated Security=True;" />
  </connectionStrings>
  <system.web>...

</configuration>

Step 3: Now add two buttons to the page, called btnEncrypt and btnDecrypt. We will use
these buttons to encrypt and decrypt the sections of the web.config file. Add the following
code in the button click event of the two buttons:

C#

// Requires: using System.Configuration; using System.Web.Configuration;

// Protected configuration provider to use and the section to protect.
string provider = "RsaProtectedConfigurationProvider";
string section = "connectionStrings";

protected void btnEncrypt_Click(object sender, EventArgs e)
{
    try
    {
        Configuration confg =
            WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection confStrSect = confg.GetSection(section);
        if (confStrSect != null)
        {
            confStrSect.SectionInformation.ProtectSection(provider);
            confg.Save();
        }
        // The encrypted section is decrypted automatically when it is read.
        // Demo only: this echoes the plaintext connection string to the page.
        Response.Write("Configuration Section " + "<b>" +
            WebConfigurationManager.ConnectionStrings["MyConnString"].ConnectionString +
            "</b>" + " is automatically decrypted");
    }
    catch (Exception ex)
    {
        // Report the failure instead of silently swallowing it.
        Response.Write("Encryption failed: " + Server.HtmlEncode(ex.Message));
    }
}

protected void btnDecrypt_Click(object sender, EventArgs e)
{
    try
    {
        Configuration confg =
            WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection confStrSect = confg.GetSection(section);
        if (confStrSect != null && confStrSect.SectionInformation.IsProtected)
        {
            confStrSect.SectionInformation.UnprotectSection();
            confg.Save();
        }
    }
    catch (Exception ex)
    {
        // Report the failure instead of silently swallowing it.
        Response.Write("Decryption failed: " + Server.HtmlEncode(ex.Message));
    }
}

Result:

<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                 xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyName>Rsa Key</KeyName>
        </KeyInfo>
        <CipherData>
<CipherValue>ZehN7B+VXBdJTe1X3NFz9Uz3NqxvjSMmbytLeHGNlZa4
JkkpRkXzphm5sedHeMTk5KZCHxoYrJ4ssJ0OcZnzLxNUrAB9Ie3y8xJVWJ2s0RQ
dmaGk5bSJADE1xKJBuOtDIOi/Ron7qJDWXwllC3v
vmNwgabmJ9RU+RN35TOQpznc=</CipherValue>
        </CipherData>
      </EncryptedKey>
    </KeyInfo>
    <CipherData>
<CipherValue>q2amqNwjeyEbMxF5pZ3XqfboNUJKSml773mPkISGi6uWCWCDPs
0ICClmH1eQYcsI9FlxFvEfyRyRRugqOU2xe+gd3aRZEZ5irpGFB45Fn6M+te7kg
OeTK1gjGEsbeaNjBNwgpcXMh9RiA9xVOvWlLAyJ3u8DsDQ+4JmM/zTUtxer/8Dl
UI7+u8D+9V4b5tWxShp4BToMFdTcefhMb19pGdn+jocGet
WBJirO5CJsLXI=</CipherValue>
    </CipherData>
  </EncryptedData>
</connectionStrings>

Or:

ASP.NET 2.0 introduced the Protected Configuration model, which allows you to encrypt data using two
Protected Configuration Providers. They are:

o RsaProtectedConfigurationProvider: This is the default provider and uses the RSA public-key
encryption algorithm to encrypt and decrypt data.

o DataProtectionConfigurationProvider: This provider uses the Windows Data Protection
Application Programming Interface (DPAPI) to encrypt and decrypt data.

Let's explore this capability of encrypting and decrypting connection strings in web.config files
using the two providers available in ASP.NET 2.0.

Programmatic Encryption/Decryption

Take a web.config file that contains a valid connection string from an existing project. Below is an
example configuration.

<configuration>
  <appSettings/>
  <connectionStrings>
    <add name="NorthwindConnectionString"
         connectionString="Data Source=ARAS02-XP;Initial Catalog=Northwind;User ID=sa"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <compilation debug="true"/>
    <authentication mode="Windows"/>
    <pages theme="Theme1" />
  </system.web>
</configuration>

The <connectionStrings> section in the sample above contains the connection string information.

Add a new form to your existing project and add the method EncryptConnString() below to the
form's code-behind. We will use the RsaProtectedConfigurationProvider model to encrypt the
connection strings. We will try to analyze this magic piece of code. Let's start with the namespaces.
The System.Configuration namespace contains classes that deal with the configuration information
associated with client applications and ASP.NET applications. The
System.Web.Configuration.WebConfigurationManager class is the preferred way to get
programmatic access to the configuration files of ASP.NET web applications. Each of the Open
methods provided by WebConfigurationManager returns a Configuration object, which in turn
provides the methods and properties needed to work with the underlying configuration files. The
GetSection method of the Configuration object returns the connectionStrings section object for the
web.config file.

using System.Web.Configuration;
using System.Web.Security;
using System.Configuration;

public void EncryptConnString()
{
    // Open the web.config that applies to this application's root path.
    Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
    ConfigurationSection section = config.GetSection("connectionStrings");

    // Encrypt only if the section is not already protected, then persist the change.
    if (!section.SectionInformation.IsProtected)
    {
        section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
        config.Save();
    }
}

Encrypting Connection string using RSAProtectedConfigurationProvider model

You can see in the listing below that the connectionStrings section is encrypted once we execute the
above method with the RsaProtectedConfigurationProvider model.

<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                 xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyName>Rsa Key</KeyName>
        </KeyInfo>
        <CipherData>
<CipherValue>NQPKYTuUVO5SWpxXdBUpoMKYYUmEBBuAw8LXe+DxMYrkMzzAJsUVw6uZZLJ
XWa9ipAEx
hvS2hhkGx7MHkpustn+IT+PpuxtIKSDFkumZdA/3kcaHuSO74M75Qt+BmW42v/KWNwVv
7umXLz78ka4jDeY/yf2BMpkcs35TkSS9PVM=</CipherValue>
        </CipherData>
      </EncryptedKey>
    </KeyInfo>
    <CipherData>
<CipherValue>MVKe6xdu6h4DqGHmzuzeBqaWcL+m+Rl0EHi9uwQAqhZ9N56HzGgC66cXEiDJ8IG
aSCrAYm 7z2ERQYKwjMyTJMkiJ3cSk7CSgqxfrT3+7+DzzKMkB489AmADfxtRyt3JE0bWIclhsHgLn
YthS6mMiXTusSzRIcPMESb+ZAIkyCTPt6+2BxDNimgFX42Xt7abvNinknaUk
uJYKr7tgOzVfS00IesVA/jou1t8FTjM14b9YGvHPtBDq00Jm/cD9iGtP2OM6RnhLgy+MUr
3NPiuWutsEcUGELfOwkMvKQ6Igsg6eqae4c0dZlg==</CipherValue>
    </CipherData>
  </EncryptedData>
</connectionStrings>

Similarly, we can encrypt the connectionStrings information using the DataProtectionConfigurationProvider
model. Use the same method as above and replace the parameter of the ProtectSection method with
DataProtectionConfigurationProvider, as shown below.

section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

<configuration>
  <appSettings/>
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
<CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAcHu0TgBbIEyfG1RWWqIDSgQAAAACA
AAAAAADZg</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <system.web>
    <compilation debug="true"/>
    <authentication mode="Windows"/>
    <pages theme="Theme1" />
  </system.web>
</configuration>

Encrypted Connection String using DataProtectionConfigurationProvider

You can decrypt the connection string information in a similar way, using the method below.

public void DecryptConnString()
{
    // Open the web.config that applies to this application's root path.
    Configuration config =
        WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
    ConfigurationSection section = config.GetSection("connectionStrings");

    // Decrypt only if the section is currently protected, then persist the change.
    if (section.SectionInformation.IsProtected)
    {
        section.SectionInformation.UnprotectSection();
        config.Save();
    }
}
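
A defender-side check for the encrypted listings above, as an added example that is not code from the original page: it parses a web.config and reports, per section, whether it carries the configProtectionProvider attribute and EncryptedData element shown in the results, and which EncryptionMethod algorithms are declared. The names ConfigProtectionAudit and AuditSection and the inline sample document are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;
static class ConfigProtectionAudit   // hypothetical name, not from the page
{
    static readonly XNamespace Enc = "http://www.w3.org/2001/04/xmlenc#";

    // Reports whether a web.config section is in the protected form shown above.
    public static string AuditSection(XDocument doc, string sectionName)
    {
        XElement section = doc.Root.Elements()
            .FirstOrDefault(e => e.Name.LocalName == sectionName);
        if (section == null) return sectionName + ": not present";
        string provider = (string)section.Attribute("configProtectionProvider");
        // EncryptedData is namespaced in the RSA output and bare in the DPAPI output.
        XElement data = section.Elements()
            .FirstOrDefault(e => e.Name.LocalName == "EncryptedData");
        if (provider != null && data != null)
        {
            // Data cipher plus key-wrap cipher, e.g. tripledes-cbc and rsa-1_5.
            string[] algs = data.Descendants(Enc + "EncryptionMethod")
                .Select(e => ((string)e.Attribute("Algorithm") ?? "").Split('#').Last())
                .ToArray();
            return sectionName + ": protected by " + provider +
                   (algs.Length > 0 ? " [" + string.Join(", ", algs) + "]" : "");
        }
        // Otherwise list the entries (by name or key) still readable on disk.
        string[] names = section.Elements()
            .Select(e => (string)e.Attribute("name") ?? (string)e.Attribute("key"))
            .Where(n => n != null).ToArray();
        return sectionName + (names.Length == 0 ? ": no plaintext entries"
            : ": PLAINTEXT entries: " + string.Join(", ", names));
    }
    static void Main()
    {
        // Constructed sample: connectionStrings protected, appSettings left in clear.
        XDocument doc = XDocument.Parse(@"<configuration>
  <appSettings><add key=""var1"" value=""SomeValue""/></appSettings>
  <connectionStrings configProtectionProvider=""RsaProtectedConfigurationProvider"">
    <EncryptedData xmlns=""http://www.w3.org/2001/04/xmlenc#"">
      <EncryptionMethod Algorithm=""http://www.w3.org/2001/04/xmlenc#tripledes-cbc"" />
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>");
        foreach (string name in new[] { "connectionStrings", "appSettings" })
            Console.WriteLine(AuditSection(doc, name));
    }
}
```

Run against the RSA listings on this page, the bracketed list would contain tripledes-cbc and rsa-1_5; the DPAPI listing has no EncryptionMethod elements, so its list is empty.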
