Skip to Content
Professional Visual Studio® 2008
book

Professional Visual Studio® 2008

by Nick Randolph, David Gardner
July 2008
Intermediate to advanced
1026 pages
27h 59m
English
Wrox
Content preview from Professional Visual Studio® 2008

39.4. Encrypting Connection Strings

Although best practices state that you should use Windows authentication and integrated security wherever possible, this is not always the case; sometimes you have to resort to specifying a user ID and password in a connection string. It is recommended that this information not be hard-coded into your application, because it can easily be extracted from the assembly. As such, this information needs to be either specified by the users each time they use the system, or added to the connection string in the configuration file. The upshot of this is that you need a mechanism for encrypting configuration sections.

This walkthrough shows you how to encrypt a section of a configuration file for a web application, StagingWebsite, which has a web.config file as follows:

<?xml version="1.0"?>
<configuration>
    <connectionStrings>
        <add name="AdventureWorksConnectionString" connectionString="Data Source=
.\sqlexpress;Initial Catalog=AdventureWorks;Integrated Security=True"
             providerName="System.Data.SqlClient" />
    </connectionStrings>
    <!--
        ...
    -->
</configuration>

Using the command prompt, execute the following commands in sequence, replacing UserName with the name of the account that the web application will run as (for example, the AspNet account):

  1. cd\WINDOWS\Microsoft.NET\Framework\v2.0.50739
  2. aspnet_regiis -pa "NetFrameworkConfigurationKey" "UserName"
  3. aspnet_regiis -pe "connectionStrings"-app "/StagingWebsite"

Executing these commands modifies the web.config ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Professional Visual Studio® 2010

Professional Visual Studio® 2010

Nick Randolph, David Gardner, Michael Minutillo, Chris Anderson
Visual Basic 2015 Unleashed

Visual Basic 2015 Unleashed

Alessandro Del Sole

Publisher Resources

ISBN: 9780470229880Purchase book