You can use this trick to protect your Windows Form or Console application connection strings. In order to work, you need to have the database information under ConnectionStrings section.
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source= MyDBServer;initial catalog=MyDatabase;user id=MyUserId;password=MyPassword;" providerName="System.Data.SqlClient" />
<add name="PostalCodeEntities" connectionString="metadata=res://*/PostalCodeModel.csdl|res://*/PostalCodeModel.ssdl|res://*/PostalCodeModel.msl;provider=System.Data.SqlClient;provider connection string="data source=MyDBServer;initial catalog=MyDatabase;persist security info=True;user id=MyUserId;password=MyPassword;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
Add the following method in Program.cs file
using System.Configuration;
using System.Reflection;
//....
private static void SecureConfig()
{
var name = "";
if (Environment.GetCommandLineArgs().Length > 0)
name = Environment.GetCommandLineArgs()[0];
else
name = Assembly.GetExecutingAssembly().CodeBase;
if (!name.ToLower().EndsWith(".exe"))
name = name + ".exe";
if (!name.Contains(Environment.CurrentDirectory))
name = Environment.CurrentDirectory + "\\" + name;
var reader = ConfigurationManager.OpenExeConfiguration(name);
var section = reader.GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
}
reader.Save();
}
//....
Then call above method in your Main before you do anything else.
Example in Windows Form application:
using System;
using System.Windows.Forms;
using System.Configuration;
using System.Reflection;
namespace MyNamespace
{
static class Program
{
///
/// The main entry point for the application.
///
[STAThread]
static void Main()
{
SecureConfig();
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run(new Form1());
}
private static void SecureConfig()
{
// Code as shown above ....
}
}
}
You can add this to any of your existing program. Once you executed the program once, the ConnectionStrings content will become something like this
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider"> <EncryptedData> <CipherData> <CipherValue>....Very Long Base64 String ...=</CipherValue> </CipherData> </EncryptedData> </connectionStrings>
I hope it helps, cheers!
GD Star Rating
loading...
How To Protect Your Connection String, loading...
About Hardono
Howdy! I'm Hardono. I am working as a Software Developer. I am working mostly in Windows, dealing with .NET, conversing in C#. But I know a bit of Linux, mainly because I need to keep this blog operational. I've been working in Logistics/Transport industry for more than 11 years.
Incoming Search
.net, c#, security