This article explains how to implement custom encryption of connection strings in configuration files using certificates.
In most applications, connection strings are stored in encrypted form in configuration files. For additional protection, we can use custom encryption based on a certificate.
Steps:
- Generate the certificate using the following command, which also stores the certificate in the Current User - Personal store.
- Command to generate the test certificate:
- makecert -r -pe -n "CN=CSProtectedConfigCertificate" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
- Create a Custom Library project in Visual Studio and add this certificate to the project.
- Create a class and implement methods for encrypting and decrypting, similar to this link.
- Build the solution and register the DLL in the GAC using the Visual Studio Command Prompt:
gacutil.exe -i CustomProtectedConfigurationProvider.dll
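- Update the configuration details below in machine.config or web.config (the name attribute must match the value passed to -prov in the encryption command):
<configProtectedData>
  <providers>
    <add name="CustomProtectedConfigurationProvider"
      CertificateName="CSProtectedConfigCertificate"
      type="CustomProtectedConfigurationProvider.CustomProtectedConfigProvider,
        CustomProtectedConfigurationProvider,
        Version=1.0.0.0,
        Culture=neutral,PublicKeyToken=e03f7ad78f283bbf,processorArchitecture=MSIL"
    />
  </providers>
</configProtectedData>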
- Execute the commands below to encrypt and decrypt the connection strings used in the configuration file:
- Command for encrypting the connection strings (this encrypts the connectionStrings section in the configuration file):
- aspnet_regiis -pe "connectionStrings" -prov "CustomProtectedConfigurationProvider" -pkm
- Command for decrypting the connection strings (this decrypts the connectionStrings section in the configuration file):
- aspnet_regiis -pd "connectionStrings" -pkm