My application will use the DataProtectionConfigurationProvider to encrypt my app.config file. I can encrypt the file from within my applicaiton, but I would like to be able to encrypt it outside the application so that the file is encrypted when it is deployed. I know that you can encrypt web.config files with aspnet_regiis.exe. Is there a tool that can encrypt app.config files as well
Eric
Encrypting the app.config file
Hot Topic
- App.config and saving the configurations...?
- Strange behavior of the Trace
- R
- How to get a download transfer rate.
- How to access appsettings in dll assemblies?
- Backward compatibility for ADO.NET ??
- .NET 1.1 process.kill?
- update web reference fails, "out" parameter converted to a function return result
- OleDBCommand: what might be the problem?
- Close on send: part 2
.NET Development
- need help for developing an application which could access the CyberJack Card Reader.
- Can't send a mail with a 'protocol'-link :o(
- Newbie question - deployment project
- Inserting large amount of rows using ADO.NET
- Perfmon and .NET monitoring.
- Generic .NET Error From ListView
- data adapter problem
- Exception Handling DO NOT WORK!! Help Please!@!
- Socket BeginAccept Method Memory Leak?
- Problem with sending Thai Characters through sockets (Socket.Send)
Encrypting the app.config file
Eric Zhao
No there is currently no tool available to encrypt your app.config automagically...well at least to my knowledge so don't quote me on that.
The difference between app.config for desktop apps and web.config for web apps is simple. ASP.net knows what key it uses to encrypt your web.config file and can tell it to the ASP.net application.
There is no similar service for winform/console applications because they run within their own process.
It is possible to create your own EncryptedConfigurationProvider and simple application that, given a key, encrypts any file (including app.config). Of course your application will have to provide that key to the ECP in order for it to work. Finally, do not forget that all of the encryption is for naught if you don't hide the key in your assembly. Use a code obfuscator (like dotfuscator) to help you with that.
Roxana Goidaci
Thanks!
Crazy_Aardvark
I've read your post in the group and I'm also searching to encrypt some connection strings in a app.config-file. Can you send me an example of your code that manages this issue.
Thanks in advance,
Marc.
marcmylle@hotmail.com.donotspam
kagemusha
You can encrypt the values in it and when you read it, just decrypt it. I use this for the connection string for example, so users don't grap the username and password for the DB.
Rubber
Mhed
I can't access the site, looks like something i would be interested in ....
Thanks
Kalpana
palamangelus
Hey zephyr_at_hades,
Is your sample code still available at http://hades.dyndns.ws/blog/index.php blog=5&p=29&more=1&page=1
I cannot browse the link
Thanks,
Rombo
I'm currently looking for ways to encrypt values of my app.config (DB connection string).
I've looked at PNG but would like a simpler way to do things. Can you give an example of your encryption/decryption method
brgds
DavidLJ
Nothing is perfect but obfuscation is about the best that can be done to deter casual cracking.
Well there is one other way. You can store the key in a database and use SSPI to enable users who are authorized to use the application to retrieve the key (well through the program of course). When the key comes in from the database, the application can use it to decrypt the app.config file. Again, I'd recommend using obfuscation still so that a casual cracker can't determine what is being done.
caroco
GShap
Take a look at this: http://msdn.microsoft.com/library/default.asp url=/library/en-us/dnpag2/html/EntLib2.asp
The standards and pratices team has some cool examples in their Enterprise Framework. It's asp.net based but its still a pretty good example. I remember that in the 1.x versions they had a nice interface (ment to be customized) to encrypt various configuration settings.
ShaneMcM