Encrypt and Decrypt Connection Strings in Web.Config file in ASP.Net

In this article I will provide a tutorial with example to encrypt and decrypt Connection Strings in Web.Config file in ASP.Net.

The Encryption and Decryption of the Web.Config file’s ConnectionStrings section will be performed using aspnet_regiis.exe Command Line Utility of the Visual Studio.

 

The Plain Connection String in the Web.Config file

The below screenshot shows the Plain Connection String in the Web.Config file before encryption.

 

 

Encrypting the Connection Strings in Web.Config file

You need to follow the following steps for encrypting the Connection Strings in the Web.Config file

1. Open Visual Studio Command Prompt

You will need to open the Visual Studio Command Prompt from the Start Menu => Programs => Microsoft Visual Studio 2010 => Visual Studio Tools => Visual Studio Command Prompt.

Note: In this tutorial, I am explaining the process using Microsoft Visual Studio 2010. The same process will be applicable for the other versions. The only difference will be that you need to open Visual Studio Command Prompt from the folder of the respective version of Visual Studio installed on your machine.

 

 

 

2. Encrypting the Connection String in Web.Config using aspnet_regiis.exe tool

In order to encrypt the ConnectionString section in the Web.Config file, we will need to use the aspnet_regiis.exe tool.

Parameters

Action – It notifies the action to be performed. In order to perform Encryption, the parameter value is -pef.

Section Name – The name of the section of the Web.Config file to be encrypted. For this case, the value will be connectionStrings.

Path of the folder – Here we need to specify the path of the folder containing the Web.Config file.

Syntax

aspnet_regiis.exe -pef "connectionStrings" "<Path of the Folder containing the Web.Config file>"

Example

aspnet_regiis.exe -pef "connectionStrings" "D:\Mudassar\Projects\MyTestWebsite"

 

Note: The above command will encrypt all the Connection Strings present in the ConnectionStrings section of the Web.Config file.

 

 

 

Encrypted Connection String in the Web.Config file

The following screenshot shows the Encrypted Connection String in the Web.Config file after encryption.

 

 

Accessing the Encrypted Connection String value in ASP.Net Code behind

ASP.Net will automatically decrypt the Connection String when it is fetched in the code behind and hence in code behind you need to access the Connection String in the same way as you would do normally.

 

Decrypting the Connection String in Web.Config using aspnet_regiis.exe tool

In order to decrypt the ConnectionString section in the Web.Config file, we will need to use the same aspnet_regiis.exe tool that was used for encryption.

Parameters

Action – It notifies the action to be performed. In order to perform Decryption, the parameter value is -pdf.

Section Name – The name of the section of the Web.Config file to be decrypted. For this case the value will be connectionStrings.

Path of the folder – Here we need to specify the path of the folder containing the Web.Config file.

Syntax

aspnet_regiis.exe -pdf "connectionStrings" "<Path of the Folder containing the Web.Config file>"

Example

aspnet_regiis.exe -pdf "connectionStrings" "D:\Mudassar\Projects\MyTestWebsite"

 

Note: The above command will decrypt all the Connection Strings present in the ConnectionStrings section of the Web.Config file.