In this article I will show you a super simple and secure way to encrypt your connection string in your asp.net web application. This is how you do it.
How to encrypt the connection string directly on the deployed server?
1>Place this inside the <configuration> section of your web.config.
<configProtectedData>
<providers>
<add name="myProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,processorArchitecture=MSIL"
keyContainerName="myKey"
useMachineContainer="true" />
</providers>
</configProtectedData>>
2>Save the bolded text below in a file named encrypt.bat
(Note the extension of the file is .bat )
cls
SET PATH=%windir%\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis -pc "MyKey"
aspnet_regiis -pa "MyKey" "NT AUTHORITY\NETWORK SERVICE"
aspnet_regiis -pa "MyKey" "ASPNET"
aspnet_regiis -pef "connectionStrings" "." -prov "MyProvider"
pause
3>Where ever the web.config of your web application resides, put the encrypt.bat in the same folder.
4>Execute encrypt.bat.
Now if you open your config file, the connection strings section would look something like this
<connectionStrings configProtectionProvider=" MyProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>IAA6fBJIxQFSe2hoy+vEGxeY80uZmNDVrIJ/bTMMYA6VErTLvvNRSZwdKdrrAHcXSngI/GABuTUG1+kjuMx0QMdXSF+xbu7byTwwnhmeCxc0CGdnqlemKyz2XAHlYH1b9TyhEQD+CDScN0T6nn28j+LCNOdmYzAoC1Rymnj6Rws=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>ZuHH8MoSkuc7x+tyZb75pmBrepHFQLIgC56d9bbrsiavqdnaUJ71y+2Gq5Kw51Jv5RxTSOxCRSk1UBqOy872L+IzkzlKKlWjD9Ib83Y9GrTV3nzBV5iVbe91lh/ScQ9gVZtjTwYgPEn7vv6ss/ooNjm6mkAkotXp4wLMTCVlxDswZfou9zJuM7uXDQrwtiwzIITUB/5eeIO84k3m9rfSVsfaDBCcXBuGxYgB9uvtjN/tjGALohxeDWfzioylTY/iJweRmuWZleOj8VPCeHh5OWJnV0/+EVkzuWIWScD20QJmTdLq0ij9IsX4SS0m1du3t8xrDy5y58xZZJ8dEP4uNhs/qYoYN0avcVE8H5EEXG2G4WU/SpIMfKjXXp8Yrl4ETxCOftIPagQi4ERSZKEL0dCKhd0LNm8kxtLXSSoXXT7j5npCvCrSzq5FBKbfCYcJpapa+P/Kw5NtiMcHsv5UuF9kvL0udjzoG8ibgEXdLYogfylvWIqkFO0Wqi/xlbCoRlrIqa/DEFSMa0dSiKBECy6z5Bv49FlWhffB54YqMMUTOqeDPieCAvs9f9PWIf2xLYE9c4IXXaVJ+6P5iCGoDja/SDxQlXaDn03KvDQmEdvjriVie1FuOSZ1JExw/xsy</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
There! You are good to go!
What If you need to replace the web.config later some time?
Run this on command prompt
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pz "MyKey"
This will remove the machine key "MyKey" that was created at
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Then go ahead and run encrypt.bat
Further reading
Walkthrough: Creating and Exporting an RSA Key Container:
http://msdn.microsoft.com/en-us/library/2w117ede(v=VS.100).aspx