First, you are not encrypting the password; you are not even protecting it. After all, you can "decompile" your DLL using tools like decompiler
If you want to protect your sensitive data, you should move the contents of the appSettings and connectionStrings sections to a separate file using the file and configSource attributes respectively.
The example below has been taken from the following link: Best practices for deploying passwords and other sensitive data to ASP.NET and Azure App Service
<connectionStrings>
<add name="ControleBD" connectionString="Data Source=NewSource;Initial Catalog=NewCatalog;UID=NewUser;password=NewPassword" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<!-- Sensitive information -->
<add key="serviceAccount" value="account" />
<add key="servicePassword" value="my password" />
<!-- Non-sensitive information -->
<add key="Versao" value="1.2.3.4" />
</appSettings>
In this case, you can create two files, one for the connection string and one for the settings:
\app.config or \web.config
<!-- A section that uses configSource must be empty and the path must be relative; the entries live in the external file -->
<connectionStrings configSource="App_Configs\connectionStrings.config" />
<!-- The file attribute merges the external settings with the ones declared here -->
<appSettings file="App_Configs\appSettings.config">
<add key="Versao" value="1.2.3.4" />
</appSettings>
\App_Configs\connectionStrings.config
<connectionStrings>
<add name="ControleBD" connectionString="Data Source=NewSource;Initial Catalog=NewCatalog;UID=NewUser;password=NewPassword" providerName="System.Data.SqlClient" />
</connectionStrings>
\App_Configs\appSettings.config
<appSettings>
<add key="serviceAccount" value="account" />
<add key="servicePassword" value="my password" />
</appSettings>
Then you should limit access to these two files.
Now, if you want to encrypt a section of web.config, use aspnet_regiis.exe. To find out where it is located, open the Command Prompt of your Visual Studio and type where aspnet_regiis; in my case it's located at:
%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Then run aspnet_regiis, passing the following arguments:
aspnet_regiis -pef "connectionStrings" "Full path to the directory containing web.config"
To learn more about aspnet_regiis, see the link: ASP.NET IIS Registration Tool (Aspnet_regiis.exe)
Remember that if your configuration file has a name other than web.config, you should rename it to web.config. And if you want to keep connectionStrings in a separate file, you should move it after encrypting the section.
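
The rename-and-encrypt procedure described in this answer, as an added PowerShell example (not part of the original answer). The parameter names $ConfigPath and $Section are hypothetical; the aspnet_regiis location is the one quoted in the answer and is assumed to exist on the machine.

```powershell
# Added example: encrypt one section of an app.config / web.config with
# "aspnet_regiis -pef", which only processes a file named web.config.
# $ConfigPath and $Section are hypothetical parameter names.
param(
    [Parameter(Mandatory)] [string] $ConfigPath,
    [ValidateSet('connectionStrings', 'appSettings')]
    [string] $Section = 'connectionStrings'
)
$ErrorActionPreference = 'Stop'

# Tool location as quoted in the answer above.
$regiis = Join-Path $env:windir 'Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe'
if (-not (Test-Path $regiis)) { throw "aspnet_regiis.exe not found at $regiis" }

$source = (Resolve-Path $ConfigPath).Path

# Work on a copy named web.config inside a per-user temp directory, so the
# original is replaced only after the encrypted result has been verified.
$work = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
New-Item -ItemType Directory -Path $work | Out-Null
try {
    $webConfig = Join-Path $work 'web.config'
    Copy-Item -Path $source -Destination $webConfig

    # -pef <section> <physical directory that contains web.config>
    & $regiis -pef $Section $work | Write-Host

    # An encrypted section carries a configProtectionProvider attribute and
    # no longer contains its plaintext <add> entries.
    [xml] $xml = Get-Content -Path $webConfig -Raw
    $node = $xml.GetElementsByTagName($Section) | Select-Object -First 1
    if (-not $node) { throw "Section '$Section' not found in $source" }
    if (-not $node.GetAttribute('configProtectionProvider')) {
        throw "Section '$Section' was not encrypted; original left untouched"
    }
    if ($node.GetElementsByTagName('add').Count -gt 0) {
        throw "Plaintext entries still present in '$Section'; original left untouched"
    }

    # Replace the original file (under its original name) with the encrypted copy.
    Copy-Item -Path $webConfig -Destination $source -Force
    Write-Host "Encrypted '$Section' in $source"
}
finally {
    # Remove the working copy whether or not encryption succeeded.
    Remove-Item -Path $work -Recurse -Force
}
```

Run it on the machine that will host the application: without a -prov argument aspnet_regiis uses the default RSA provider, whose key container is machine-specific, so the encrypted section cannot be read elsewhere unless the key is exported and imported.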