Encrypt ConnectionStrings in App.config
by David Hayden ( Microsoft MVP and .NET Developer )
I wrote a post called Encrypt Connection Strings, AppSettings and Web.Config in ASP.NET 2.0 - Security Best Practices that discusses programmatically encrypting various sections of your web.config in ASP.NET 2.0.
Today a question came up about how to encrypt connection strings programmatically in your app.config. I won't pretend to be a windows developer, but the following code seemed to do the trick:
Configuration config = ConfigurationManager.
OpenExeConfiguration(ConfigurationUserLevel.None);
ConfigurationSection section =
config.GetSection("connectionStrings");
if (section != null)
{
if (!section.IsReadOnly())
{
section.SectionInformation.ProtectSection
("RsaProtectedConfigurationProvider");
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Full);
}
}
You can add more checks to verify it isn't encrypted already as well as use the DPAPI provider instead, but this gets across the idea.
Source: David Hayden ( Microsoft MVP and .NET Developer )