Friday, 30 November 2018

Encrypt and Decrypt of Connection string in Web.config file

This article explains encryption and decryption of Connection String section of the Web.Config file using aspnet_regiis.exe Command Line Utility of the Visual Studio.


The Plain Connection Strings section in the Web.Config file
The below screenshot shows the Plain Connection Strings section in the Web.Config file before encryption.





Encrypting the Connection Strings section in Web.Config file
You need to follow the following steps for encrypting the Connection Strings section in the Web.Config file

1. Open Visual Studio Command Prompt 
You will need to open the Visual Studio Command Prompt from the Start Menu => Programs => Microsoft Visual Studio 2017 => Visual Studio Tools => Visual Studio Command Prompt.
Note: You must be log in as Administrator and right click Visual Studio Command Prompt and select Run as Administrator.
Note: In this tutorial, I am explaining the process using Microsoft Visual Studio 2010. The same process will be applicable for the other versions. The only difference will be that you need to open Visual Studio Command Prompt from the folder of the respective version of Visual Studio installed on your machine.

2. Encrypting the Connection Strings section in Web.Config using aspnet_regiis.exe tool
In order to encrypt the ConnectionString section in the Web.Config file, we will need to use the aspnet_regiis.exe tool.
Parameters
Action – It notifies the action to be performed. In order to perform Encryption, the parameter value is -pef.
Section Name – The name of the section of the Web.Config file to be encrypted. For this case, the value will be connectionStrings.
Path of the folder – Here we need to specify the path of the folder containing the Web.Config file.
Syntax
aspnet_regiis.exe -pef "connectionStrings" "<Path of the Folder containing the Web.Config file>"

Example
aspnet_regiis.exe -pef "connectionStrings" "D:\Sai\Projects\MyTestWebsite"

Note: The above command will encrypt all the Connection Strings present in the ConnectionStrings section of the Web.Config file.

Encrypted Connection Strings section in the Web.Config file
You can see Encrypted Connection Strings section in the Web.Config file after encryption.
Accessing the Encrypted Connection String value in ASP.Net Code behind
ASP.Net will automatically decrypt the Connection String when it is fetched in the code behind and hence in code behind you need to access the Connection String in the same way as you would do normally.
Decrypting the Connection Strings section in Web.Config using aspnet_regiis.exe tool 
In order to decrypt the ConnectionString section in the Web.Config file, we will need to use the same aspnet_regiis.exe tool that was used for encryption.
Parameters
Action – It notifies the action to be performed. In order to perform Decryption, the parameter value is -pdf.
Section Name – The name of the section of the Web.Config file to be decrypted. For this case the value will be connectionStrings.
Path of the folder – Here we need to specify the path of the folder containing the Web.Config file.
Syntax
aspnet_regiis.exe -pdf "connectionStrings" "<Path of the Folder containing the Web.Config file>"

Example
aspnet_regiis.exe -pdf "connectionStrings" "D:\Sai\Projects\MyTestWebsite"

Note: The above command will decrypt all the Connection Strings present in the ConnectionStrings section of the Web.Config file.