Enterprise Library 2.0 DAAB and Encrypting ConnectionStrings in App.Config
by David Hayden (ASP.NET Developer)
A question came up in the Enterprise Library 2.0 Forums about encrypting connection strings in App.Config for use with the Data Access Application Block and a console application.
I am sure there are several ways to go about encrypting your connection strings in App.Config, but I typically do it programmatically using a utility library that essentially encrypts App.config via C# code upon application startup as mentioned in the following post:
I also wrote a tutorial that shows encrypting the web.config in your ASP.NET web applications:
Enterprise Library 2.0 DAAB and encrypting connection strings are orthogonal concepts. One has nothing to do with the other as the DAAB doesn't know if the connectionStrings configuration section is encrypted or not and could care less. However, encrypting your connection strings and sensitive information in your App.config file is a good security practice.
Here is a console application I wrote quickly that encrypts the connectionStrings section of the EXE config file and then does a quick query of the Northwind Database's Categories Table in SQL Server 2000:
    using System;
    using System.Configuration;
    using System.Data;
    using Microsoft.Practices.EnterpriseLibrary.Data;

    namespace ConsoleApplication3
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Encrypt the connectionStrings section before anything reads it.
                EncryptConnectionStrings();

                // The DAAB resolves the default database from config as usual;
                // System.Configuration decrypts the section transparently.
                Database db = DatabaseFactory.CreateDatabase();
                DataSet categories = db.ExecuteDataSet(
                    CommandType.Text, "SELECT * FROM Categories");

                foreach (DataRow dr in categories.Tables[0].Rows)
                {
                    Console.WriteLine(string.Format("ID: {0}, Title: {1}",
                        dr[0].ToString(), dr[1].ToString()));
                }

                Console.ReadLine();
            }

            static void EncryptConnectionStrings()
            {
                // Open the config file that belongs to this executable.
                Configuration config = ConfigurationManager.OpenExeConfiguration(
                    ConfigurationUserLevel.None);
                ConfigurationSection section =
                    config.GetSection("connectionStrings");

                if (section != null)
                {
                    if (!section.IsReadOnly())
                    {
                        // Encrypt the section with the RSA provider and write
                        // the file back even if nothing else has changed.
                        section.SectionInformation.ProtectSection(
                            "RsaProtectedConfigurationProvider");
                        section.SectionInformation.ForceSave = true;
                        config.Save(ConfigurationSaveMode.Full);
                    }
                }
            }
        }
    }
Here is the original App.config file using the DAAB:
    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <configSections>
        <section name="dataConfiguration"
                 type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null" />
      </configSections>
      <dataConfiguration defaultDatabase="Northwind" />
      <connectionStrings>
        <add name="Northwind"
             connectionString="Data Source=(local);Initial Catalog=Northwind;Integrated Security=True;"
             providerName="System.Data.SqlClient" />
      </connectionStrings>
    </configuration>
The encrypted config file is rather cryptic :)
    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <configSections>
        <section name="dataConfiguration"
                 type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null" />
      </configSections>
      <dataConfiguration defaultDatabase="Northwind" />
      <connectionStrings
          configProtectionProvider="RsaProtectedConfigurationProvider">
        <EncryptedData
            Type="http://www.w3.org/2001/04/xmlenc#Element"
            xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/..." />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
              <EncryptionMethod Algorithm="...www.w3.org/2001..." />
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <KeyName>Rsa Key</KeyName>
              </KeyInfo>
              <CipherData>
                <CipherValue>RnG/il7TeAMNysn...</CipherValue>
              </CipherData>
            </EncryptedKey>
          </KeyInfo>
          <CipherData>
            <CipherValue>pDTbmP2jSZ/SeKMoeB...</CipherValue>
          </CipherData>
        </EncryptedData>
      </connectionStrings>
    </configuration>
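An added example (not code from the original post or from Enterprise Library) that makes the startup step idempotent and then checks both halves of the point above: the file on disk no longer holds a plaintext entry, while callers such as the DAAB still read the connection string normally. It assumes the page's App.config layout (no XML namespace on the configuration element) and its Northwind entry name; the class name ProtectAndVerify is hypothetical.

```csharp
using System;
using System.Configuration;
using System.Xml;

class ProtectAndVerify   // hypothetical name, not from the original post
{
    const string SectionName = "connectionStrings";
    const string Provider = "RsaProtectedConfigurationProvider";

    static int Main()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection(SectionName);
        if (section == null || section.IsReadOnly())
        {
            Console.Error.WriteLine("Section missing or read-only; nothing protected.");
            return 1;
        }

        // Idempotent: encrypt and rewrite the file only if it is still plaintext.
        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(Provider);
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Full);
            ConfigurationManager.RefreshSection(SectionName);
        }

        // Check 1: on disk, the section names a protection provider and
        // no plaintext <add> element is left (assumes no XML namespace).
        XmlDocument doc = new XmlDocument();
        doc.Load(config.FilePath);
        XmlElement onDisk =
            (XmlElement)doc.SelectSingleNode("/configuration/" + SectionName);
        bool encryptedOnDisk = onDisk != null
            && onDisk.HasAttribute("configProtectionProvider")
            && onDisk.SelectNodes("add").Count == 0;

        // Check 2: callers such as the DAAB still get the decrypted value.
        // "Northwind" is the entry name from the page; the value is never printed.
        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["Northwind"];
        bool readableAtRuntime = cs != null && !string.IsNullOrEmpty(cs.ConnectionString);

        Console.WriteLine("Encrypted on disk:   {0}", encryptedOnDisk);
        Console.WriteLine("Readable at runtime: {0}", readableAtRuntime);
        return encryptedOnDisk && readableAtRuntime ? 0 : 2;
    }
}
```

The default RSA key container is machine-level, so run the protection on the machine that hosts the application; an already encrypted file copied to another machine cannot be decrypted there unless the key container is exported and imported.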
Hopefully this helps.