Secure the connection string in ASP.NET

One of the best practices in ASP.NET is to save your database connection strings in the Web.config file instead of hard-coding them in your code. This allows you to change database servers easily, without needing to modify your code. As an additional protection, it is always better to use integrated Windows security to access your database rather than SQL Server authentication, which requires including your SQL Server credentials in the connection string. Either way, it's not a good idea to save your connection strings as plain text in Web.config; you should ideally encrypt the connection strings so that a potential hacker has no easy way to get more information about your database server.

    <configuration>
      <appSettings>
        <add key="ConnectionString" value="server=localhost;uid=sa;pwd=;database=Northwind" />
      </appSettings>
    </configuration>
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.

Encrypting the connection string

    private string EncryptString(string con)
    {
        // Get the ASCII byte representation of the connection string
        Byte[] b = System.Text.ASCIIEncoding.ASCII.GetBytes(con);
        // Convert the bytes to a Base64 string
        string encrypted = Convert.ToBase64String(b);
        return encrypted;
    }

Description:

1) EncryptString() takes in the connection string and returns the encrypted connection string.
2) Here we have used ASCIIEncoding, which gets the byte representation of the connection string and stores it in an array.
3) Finally, we encrypt the connection string using the ToBase64String method of the Convert class, and the connection string is returned to the caller.

If you print out the connection string you will find something like this:

    c2VydmVyPUFTVDI4Ni9TUUxFWFBSRVNTO2RhdGFiYXNlPVNjaG9vbDt1aWQ9c2E7cHdkPWFzc3lzdA==

Once you have the encrypted connection string, you can copy and paste it into the Web.config file.

    <configuration>
      <appSettings>
        <add key="strconnect" value="c2VydmVyPUFTVDI4Ni9TUUxFWFBSRVNTO2RhdGFiYXNlPVNjaG9vbDt1aWQ9c2E7cHdkPWFzc3lzdA==" />
      </appSettings>
    </configuration>
    private string DecryptString()
    {
        // Read the stored value from appSettings (requires using System.Configuration)
        Byte[] b = Convert.FromBase64String(ConfigurationManager.AppSettings["strconnect"]);
        // Turn the decoded bytes back into the connection string
        string decrypted = System.Text.ASCIIEncoding.ASCII.GetString(b);
        return decrypted;
    }

Description:

1) First we get the byte representation of the connection string using ConfigurationManager.AppSettings.

In this example I have implemented the encryption and decryption methods using OOP concepts, so that you can practice two concepts at the same time. Let's build a class that supports these two methods. I have named the class EnDe.cs. It's time to get into the code.

EnDe.cs

    using System;
    namespace BLL
    public string ConnectionString
    public string StrCon
    /* Encryption method */
    public string EncryptString()
    /* Decryption method */
    public string DecryptString()

Add a WebForm named EnDe.aspx to the project. Add two buttons to the WebForm labelled "Encrypt the connection string" and "Decrypt the connection string", and set their IDs to btnEncrypt and btnDecrypt respectively. Reference the class and create an object of it:

    EnDe ObjE = new EnDe();

Add the following code in btnEncrypt:

    protected void btnEncrypt_Click(object sender, EventArgs e)
    protected void btnDecrypt_Click(object sender, EventArgs e)
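Base64 is a keyless, reversible encoding, so the value stored under "strconnect" can be read back by anyone who can read Web.config. The following added example (not the article's code; the class and method names are hypothetical) decodes the article's stored value without any secret and contrasts it with Windows DPAPI through ProtectedData. It assumes a .NET Framework project on Windows that references System.Security.dll.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData lives in System.Security.dll (Windows only)
using System.Text;

// Added example, not the article's code. Class and method names are hypothetical.
public static class ConnectionStringProtectionDemo
{
    // Base64 needs no key: reading the config value is enough to recover the text.
    public static string DecodeBase64(string stored)
    {
        return Encoding.ASCII.GetString(Convert.FromBase64String(stored));
    }

    // DPAPI encrypts under a key managed by Windows.
    // LocalMachine scope: any process on this server can decrypt, other hosts cannot.
    public static string Protect(string connectionString)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        byte[] blob = ProtectedData.Protect(plain, null, DataProtectionScope.LocalMachine);
        return Convert.ToBase64String(blob); // Base64 here is only a text wrapper for the blob
    }

    public static string Unprotect(string stored)
    {
        byte[] blob = Convert.FromBase64String(stored);
        byte[] plain = ProtectedData.Unprotect(blob, null, DataProtectionScope.LocalMachine);
        return Encoding.UTF8.GetString(plain);
    }

    public static void Main()
    {
        // The value the article stores under the "strconnect" key.
        string fromArticle = "c2VydmVyPUFTVDI4Ni9TUUxFWFBSRVNTO2RhdGFiYXNlPVNjaG9vbDt1aWQ9c2E7cHdkPWFzc3lzdA==";
        Console.WriteLine("Base64 only: " + DecodeBase64(fromArticle));

        // Constructed sample connection string.
        string sample = "server=localhost;database=Northwind;Integrated Security=SSPI";
        string stored = Protect(sample);
        Console.WriteLine("DPAPI blob : " + stored.Substring(0, 32) + "...");
        Console.WriteLine("Round trip : " + (Unprotect(stored) == sample));

        // DPAPI also checks integrity: a modified blob is rejected, not decrypted.
        byte[] tampered = Convert.FromBase64String(stored);
        tampered[tampered.Length - 1] ^= 0x01;
        try { Unprotect(Convert.ToBase64String(tampered)); }
        catch (CryptographicException) { Console.WriteLine("Tampered blob rejected"); }
    }
}
```

ASP.NET's built-in protected configuration applies the same DPAPI protection to a whole Web.config section, for example `aspnet_regiis -pe "appSettings" -app "/MyApp" -prov "DataProtectionConfigurationProvider"` (with `/MyApp` as a placeholder virtual path), and the runtime decrypts the section transparently when the application reads it.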

