4

I am using sessionState mode = "SQLServer" in my application. Is there any way to encrypt the connection string that was passed in web.config?

Ankit
  • 6,388
  • 8
  • 54
  • 79

2 Answers2

4

To encrypt sql server connection between applications you can just add 

encrypt=true

to the connection string, eg:

"Server=##.##.##.##,1092;Database=dbname;uid=username;pwd=password;encrypt=true"

To encrypt the string in web.config see how-to-encrypt-connection-string-in-web.config

Neil Thompson
  • 6,356
  • 2
  • 30
  • 53
1

I was in the same position and I also couldn't find any answer. The accepted answer also doesnt reciprocate the question asked in my opinion. After some research, i did the following to solve the issue and encrypted the sessionState node having connectionString of web.config

Encryption:

You can follow the following steps to encrypt a specific section of web.config:

  • Run command prompt as an administrator

  • Execute the command:

     cd C:\Windows\Microsoft.NET\Framework\v4.0.30319

  • Execute the command:

ASPNET_REGIIS -pef "system.web/sessionState" "PhysicalPathOfWebsiteThatHasWebConfigFile"

Decryption:

Similarly if you want to decrypt a specific node in the web.config, follow the same above steps and replace -pef with -pdf in the final step and the utility will decrypt the specific node

Explanation about above commands:

  1. ASPNET_REGIIS: Taken from official MSDN, You can use the ASP.NET IIS Registration Tool (Aspnet_regiis.exe) to encrypt or decrypt sections of a Web configuration file. ASP.NET will automatically decrypt encrypted configuration elements when the Web.config file is processed. And -pef tells that you want to use it for encrypting a specific section in your web.config. It serves other purposes as well as explained in the official MSDN

  2. system.web/sessionState is the specific node that you want to encrypt.

  3. PhysicalPathOfWebsiteThatHasWebConfigFile is the physical path of your application (where web.config is located). Please do not add an extra ‘\’ at the end of the path.

Other Reference Links:

https://learn.microsoft.com/en-us/previous-versions/aspnet/zhhddkxy(v=vs.100)

What does aspnet_regiis.exe do

SU7
  • 1,586
  • 1
  • 18
  • 26