Encrypt and Decrypt Connection String in Web.config

Today in this article, I will explain how we can encrypt and secure our connection string in web config file. This post provides a basic reference on how basic protection can be achieved using the aspnet_regiis.exe tool, by default installed with .Net Framework.
So, it is always recommended to encrypt the connection string of your application because the data we have here is highly sensitive. It must be secured. Follow these instructions in order to implement “Encrypt and Decrypt Connection Strings in Web.config Using aspnet_regiis.exe”

Lets have a look of plain Connection String in Web.config file before encryption. The Screenshot below shows the plain connection string before Encryption:

Step1: Open Developer Command Prompt.
You will need to open Developer Command Prompt from Start Menu > Microsoft Visual Studio 2013 > Common7 > Tools > Shortcuts
Note:  You must be log in as Administrator and right click Developer command prompt Prompt and select Run as Administrator

Note: In this Article, I explaining the process using Microsoft Visual Studio 2013. This process is same for the other versions. The only difference will be that you need to open Visual Studio Command Prompt from the folder of their respective version of Visual Studio installed on your computer.

Encrypting the Connection String in Web.Config using aspnet_regiis.exe tool. 
For encrypt the connection string in the Web.config file, you will need to use the aspnet_regiis.exe tool.
Syntax:  aspnet_regiis.exe -pef “connectionStrings” “<Path of the Folder containing the Web.Config file>”

This command requires 3 arguments:
–pef: It represents the action to be performed. In order to perform Encryption, the parameter value is -pef.
connectionStrings: It represents section of the Web.Config file to be encrypted. For this case, the value will be connectionStrings.
Path of Folder: Here we need to provide the path of folder that containing the Web.config file.

Example: aspnet_regiis.exe -pef  “connectionStrings” “D:\My Project\Testwebsite”

Above command will encrypt the all the Connection Strings in the ConnectionStrings section of Web.Config file.
 
Connection String in Web.config file after Encryption

 Access the Encrypted Connection String in Code behind
Asp.net will automatically decrypt the connection string when it is fetched in code behind, so you need to access the connection string in same way as you would be in a general way.

public partial class _Default : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["con"].ConnectionString);
    protected void Page_Load(object sender, EventArgs e)
    {

    }
}

Decrypt the Connection String in Web.Config using aspnet_regiis.exe

For decrypting the ConnectionString section in the Web.Config file, we will need to use the aspnet_regiis.exe tool that was used for encryption.
Syntax: aspnet_regiis.exe -pdf “connectionStrings” “<Path of the Folder containing the Web.Config file>”

 This command requires 3 arguments:
–pdf: It represents the action to be performed. In order to perform Decryption, the parameter value is -pdf.
connectionStrings: It represents section of the Web.Config file to be decrypted. For this case, the value will be connectionStrings.
Path of Folder: Here we need to provide the path of folder that containing the Web.config file.
Example: aspnet_regiis.exe -pdf  “connectionStrings” “D:\My Project\Testwebsite”

Above command will decrypt the all the Connection Strings in the connectionStrings section of Web.Config file.
Note: This decryption process is machine specific means, connectionStrings can be decrypted on the same machine where we perform encryption.

Posted : 6 years ago