You can use this trick to protect your Windows Form or Console application connection strings. In order to work, you need to have the database information under ConnectionStrings
section.
<connectionStrings> <add name="DefaultConnection" connectionString="Data Source= MyDBServer;initial catalog=MyDatabase;user id=MyUserId;password=MyPassword;" providerName="System.Data.SqlClient" /> <add name="PostalCodeEntities" connectionString="metadata=res://*/PostalCodeModel.csdl|res://*/PostalCodeModel.ssdl|res://*/PostalCodeModel.msl;provider=System.Data.SqlClient;provider connection string="data source=MyDBServer;initial catalog=MyDatabase;persist security info=True;user id=MyUserId;password=MyPassword;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" /> </connectionStrings>
Add the following method in Program.cs
file
using System.Configuration; using System.Reflection; //.... private static void SecureConfig() { var name = ""; if (Environment.GetCommandLineArgs().Length > 0) name = Environment.GetCommandLineArgs()[0]; else name = Assembly.GetExecutingAssembly().CodeBase; if (!name.ToLower().EndsWith(".exe")) name = name + ".exe"; if (!name.Contains(Environment.CurrentDirectory)) name = Environment.CurrentDirectory + "\\" + name; var reader = ConfigurationManager.OpenExeConfiguration(name); var section = reader.GetSection("connectionStrings"); if (!section.SectionInformation.IsProtected) { section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider"); } reader.Save(); } //....
Then call above method in your Main
before you do anything else.
Example in Windows Form application:
using System; using System.Windows.Forms; using System.Configuration; using System.Reflection; namespace MyNamespace { static class Program { ////// The main entry point for the application. /// [STAThread] static void Main() { SecureConfig(); Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new Form1()); } private static void SecureConfig() { // Code as shown above .... } } }
You can add this to any of your existing program. Once you executed the program once, the ConnectionStrings
content will become something like this
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider"> <EncryptedData> <CipherData> <CipherValue>....Very Long Base64 String ...=</CipherValue> </CipherData> </EncryptedData> </connectionStrings>
I hope it helps, cheers!
loading...
About Hardono
Incoming Search
.net, c#, security