SODEVE

browse by category or date

PROGRAMMING

How To Protect Your Connection String

07-Nov-2014           0      160 views

You can use this trick to protect your Windows Form or Console application connection strings. In order to work, you need to have the database information under ConnectionStrings section.

<connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source= MyDBServer;initial catalog=MyDatabase;user id=MyUserId;password=MyPassword;" providerName="System.Data.SqlClient" />
    <add name="PostalCodeEntities" connectionString="metadata=res://*/PostalCodeModel.csdl|res://*/PostalCodeModel.ssdl|res://*/PostalCodeModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=MyDBServer;initial catalog=MyDatabase;persist security info=True;user id=MyUserId;password=MyPassword;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />    
</connectionStrings>

Add the following method in Program.cs file

using System.Configuration;
using System.Reflection;

//.... 

private static void SecureConfig()
{
	var name = "";
	if (Environment.GetCommandLineArgs().Length > 0)
		name = Environment.GetCommandLineArgs()[0];
	else
		name = Assembly.GetExecutingAssembly().CodeBase;
	if (!name.ToLower().EndsWith(".exe"))
		name = name + ".exe";
	if (!name.Contains(Environment.CurrentDirectory))
		name = Environment.CurrentDirectory + "\\" + name;

	var reader = ConfigurationManager.OpenExeConfiguration(name);
	var section = reader.GetSection("connectionStrings");
	if (!section.SectionInformation.IsProtected)
	{
		section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
	}
	reader.Save();
}

//....

Then call above method in your Main before you do anything else.

Example in Windows Form application:

using System;
using System.Windows.Forms;
using System.Configuration;
using System.Reflection;

namespace MyNamespace
{
	static class Program
	{        
		/// 
		/// The main entry point for the application.
		///        

		[STAThread]
		static void Main()
		{            
			SecureConfig();
			Application.EnableVisualStyles();
			Application.SetCompatibleTextRenderingDefault(false);
			Application.Run(new Form1()); 
		}
		
		private static void SecureConfig()
		{
			// Code as shown above ....
		}
	}
}

You can add this to any of your existing program. Once you executed the program once, the ConnectionStrings content will become something like this

<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
	<EncryptedData>
	  <CipherData>
		<CipherValue>....Very Long Base64 String ...=</CipherValue>
	  </CipherData>
	</EncryptedData>
</connectionStrings>

I hope it helps, cheers!

GD Star Rating
loading...
How To Protect Your Connection String, 4.0 out of 5 based on 2 ratings

Possibly relevant:

About Hardono

Howdy! I'm Hardono. I am working as a Software Developer. I am working mostly in Windows, dealing with .NET, conversing in C#. But I know a bit of Linux, mainly because I need to keep this blog operational. I've been working in Logistics/Transport industry for more than 11 years.

Hosting by: (affiliate)

Alpha VPS

Incoming Search

.net, c#, security

Comments [ 0 ]

No Comment

Add Your Comment

Your Comment