How to Encrypt Connection String in Web.config in ASP.NET

In this post, we will explain How to decrypt and encrypt Connection String in Web.config in ASP.NET?

---

Encrypt and Decrypt Connection String in Web.config in ASP.NET

First of all, specify which framework version your web site has used.

Get .NET Framework Version

• Open IIS > Sites.
• Select your site that you would like to encrypt its connection string.
• On the right side, click on “Basic Settings”.
• You should find the assigned Application Pool as shown below:

• Go back to the “Application Pools” list.
• Search for the assigned Application Pool.
• Double click on the Application Pool name to find the .Net Framework version as shown below:

---

How to Encrypt Connection String in Web.config in ASP.NET

The simplest way to encrypt the <connectionStrings> section is to use the “aspnet_regiis” command-line tool that located in the following folder as per your .Net framework version:

C:\Windows\Microsoft.NET\Framework\v4.0.30319

Run “aspnet_regiis” command-line tool

• Locate the physical location of your web site.
• Take a backup from your ASP.Net web.config.
• Executing the below command “aspnet_regiis -pef connectionStrings” will encrypt the <connectionStrings> section at a “Web.config” file for your web site that located in the path “c:\path\MyWebsite”.

<configuration> 
<connectionStrings> <add name="ConnString" 
connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory
|MyDatabase.mdf;Integrated Security=True;User Instance=True" /> 
</connectionStrings> 
</configuration>

• Run “aspnet_regiis -pef connectionStrings” with your web site physical path as shown below:

aspnet_regiis -pef connectionStrings "the web site Physical URL"

The -pef option stands for “Protect Encrypt Filepath” that encrypts a particular configuration section located at a particular path.

Encrypt Connection String in Web.config in ASP.NET

After running the above command, and to make sure that your connection string has been encrypted successfully, you should do the following:

• Locate the Website physical URL Path in Windows Explorer.
• Open the “web.config” file.
• The connection string section should look like the following:

<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
        xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>Rsa Key</KeyName>
                </KeyInfo>
                <CipherData>
                    <CipherValue>aaDCgPfXa4bYF6N/sDPAdwjRd7nVQb0QWpXrkIjRNQ0F7PcXvwO+uvovGLOk1NLpK8YzMOpVlLiAgXj3cPHhEB96z4ZpQREYacV9tcOdXCgATNkMg75dj74csI8luZADqpqRHfYL38JEXhxK552ZF/csUm0xygqLQxQdZ9tliIYl+Ef4vUa0IpaxsRWHHsFb/GSJtz/fGQi9TUkKhzjJzDU/J44FQTG53cwOaDVEswQvK5q1Jb5waXEN05ujINlaqrZgNZVYjOsE/LBNJGkMU661Lqpa8Tmn6G8yDTi4JxV6TXQZm8UfTUHEEg0xJW3PlXZpqsN2ltyc6NU5uOLR+w==</CipherValue>
                </CipherData>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
            <CipherValue>rX+WTux8UFfXEe0bWODqu1V98i78XIlu2OCye+Y9NONQASBa770Y7Y/5hEPxsiIu3aooJgZeaaL/Fyv2SnD3ZUusBISnqsHraMEhkLNiIdEejgR8tSeQ4EM/83xpxGEV+lJRBBn/jjNBH7undTF2BSZ8fxfWMSV6E78k9WUKCSkNzzbt9CuKnw8mFVgGnVnlWglLZ0ePH6djdL/C86nD7gjjRqkX7ronyYc/h7EILcRc400/RiflGoUncDBDefJc16zvdmrRnb7qcXeA4/yo4jNWV2ocT9e27L+rLyLoe0gq0gRdizrUDA==</CipherValue>
        </CipherData>
    </EncryptedData>
</connectionStrings> 

ASP.NET page can read the value of the connection string using this expression <%$ ConnectionStrings:ConnString %>

---

How to Decrypt Connection String Web.config in ASP.NET?

You can also decrypt the encrypted <connectionStrings> section using the -pdf option as shown below:

aspnet_regiis -pdf connectionStrings "the web site Physical URL"

The -pdf option stands for “Protect Decrypt Filepath” that decrypts an encrypted connection string.

---

Conclusion

In conclusion, we have explained How to

• Encrypt a Connection Strings in ASP.NET Web.config?
• Get the .NET Framework Version.
• Decrypt a Connection Strings in ASP.NET Web.config?

Applies To

• ASP.NET
• .NET Framework.

You might also like to read

• Connection Timeout Expired. The timeout period elapsed while attempting to consume the pre-login handshake acknowledgment.

Have a Question?

If you have any related questions, please don’t hesitate to Ask it at deBUG.to Community.