Encrypting and Decrypting Configuration File
page 3 of 5
by Uday Denduluri
Feedback
Average Rating: 
Views (Total / Last 10 Days): 28034/ 94

Encrypting the Configuration File

Encrypting the configuration file has been illustrated in form of a simple method Encrypt. The code below assumes that user is well versed with programming of C# in ASP.NET. The code below explains how AppSettings section in Web.Config can be encrypted.

Listing 2

private void Encrypt()
{
//Name of the provider declared as string variable
const string PROVIDER = "DataProtectionConfigurationProvider";
 
// Open the Configuration file
Configuration ObjConfiguration =
 WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
 
// Open a section in the configuration file
AppSettingsSection ObjAppSettingsSection = ObjConfiguration.AppSettings;
 
// Encryption is done here
ObjAppSettingsSection.SectionInformation.ProtectSection(PROVIDER);
// Save the changes back to the configuration file
ObjConfiguration.Save();
 
// Reading the values after encryption and displaying the same
Response.Write(ConfigurationManager.AppSettings["Key"].ToString());        
}

Let us understand the code in Listing 1 step by step. We have a simple Encrypt method that does not have any parameters. It encrypts the appsettings section of web.config.

Listing 3

//Name of the provider declared as string variable
const string PROVIDER = "DataProtectionConfigurationProvider";

As shown in Listing 3 we have defined a constant provider. This is a custom protection provider. In some cases, we might need to encrypt information using an algorithm other than those available with the RSA or DPAPI providers. In that case, we can build a custom protected configuration provider to be used by ASP.NET. Here, the Provider defined is a custom protection provider. Developing the custom provider and extending the same is out of the scope for this section. We would be limited to only using the custom provider.

Listing 4

// Open the Configuration file
Configuration ObjConfiguration =
 WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
 
// Open a section in the configuration file
AppSettingsSection ObjAppSettingsSection = ObjConfiguration.AppSettings;

As shown in Listing 4, the configuration file is opened and read into the Configuration class and the appropriate section is read into AppSettingsSection class. [In this case it is AppSettings section.]

Listing 5

// Encryption is done here
ObjAppSettingsSection.SectionInformation.ProtectSection(PROVIDER);

As shown in listing 5 the AppSettings section gets encrypted.

Listing 6

<appSettings>
<add key="Key" value="Value"/>
</appSettings>

Listing 6 shows the AppSettings section before encryption.

Listing 7

<appSettings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
        <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAvylHl+xPbE6
+vxGaIAr8OAQAAAACAAAAAAADZgAAqAAAABAAAAAUFpW88UBS/
QkWUOOFRdfRAAAAAASAAACgAAAAEAAAAAZ
NAa75GGiUzSMVh52mIgGIAAAAE7uQVThUA5sI4fA1C+FBWwS2H8N/c6K4KHAqz5Dqw7at2kx+
t0EXzDRAx1s1Bwmll4M7z0pwuTFGH5bZPJHGXTDqEaiHPRpaFSoyCAQ
3RCyXj6LnbxgZagBQNMU0elohTjLksNY8JdGpnrmL12Ncw
s9P5PKpA6MnPSv3H3yzG3xua17Fjn/nQRQAAACjJt5sQ5kreKEPBBPyLLnfR1RaVw==</CipherValue>
      </CipherData>
    </EncryptedData>
</appSettings>

 

Listing 7 shows the AppSettings section after encryption.


View Entire Article

User Comments

Title: Good one..   
Name: Gourik Kumar Bora
Date: 2009-03-04 1:03:41 AM
Comment:
Hi,
Its really good .can you please tell me how can i ensure that asp.net worker process will modify the web.config.
thanks in advance
Gourik
Title: Encrypting and decrypting a configuration file   
Name: Nitin Dixit
Date: 2007-07-26 3:46:41 AM
Comment:
Dear Uday,
How can i use my configuration after encryption?
Means lets suppose we have a connectionstring of my application and i encrypt that particular config section.
Now in my code behind how can i use it??????

thanks & Regards
Nitin Dixit






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2019 ASPAlliance.com  |  Page Processed at 2019-03-24 11:56:39 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search