Skip to main content
Encrypt and Decrypt Connection String in Web.config

Encrypt and Decrypt Connection String in Web.config

Encrypt and Decrypt Connection String in Web.config

With the help of this article, we are trying to explain encryption and decryption process of a connectionStrings section of Web.config file using the aspnet_regiis.exe tool.

This post provides a basic reference on how basic protection can be achieved using the aspnet_regiis.exe tool, by default installed with .Net Framework.

It is always recommended to encrypt the connection string of your application as it contains highly sensitive data.

Follow the below-listed instructions in order to implement “Encrypt and Decrypt Connection Strings in Web.config using aspnet_regiis.exe”

Plain Connection String in Web.config file before encryption.

Open Developer Command Prompt.

You will need to open Developer Command Prompt from Start Menu > Visual Studio 2015 > Developer Command Prompt for VS2015

You must be login as Administrator and right click Developer command prompt Prompt and select Run as Administrator.

Encrypt and Decrypt Connection String in Web.config

Encryption:

For encrypting the connection string in the Web.config file, you will need to use the aspnet_regiis.exe tool.

Syntax:

aspnet_regiis.exe -pef “connectionStrings” “<Path of the Folder containing the Web.Config file>”

This command requires 3 arguments:

–pef: It represents the action to be performed. In order to perform Encryption, the parameter value is -pef.
connectionStrings: It represents a section of the Web.Config file to be encrypted. For this case, the value will be connectionStrings.
Path of Folder: Here we need to provide the path of folder that containing the Web.config file

Example:

aspnet_regiis.exe -pef “connectionStrings” “D:\Project\Testwebsite”

Above command will encrypt the all the Connection Strings in the connectionStrings section of Web.Config file.

Encrypt and Decrypt Connection String in Web.config

Connection String in Web.config file after Encryption

Accessing the Encrypted Connection String in Code behind

Asp.net will automatically decrypt the connection string when it is fetched in code behind, so you need to access the connection string in the same way as you would be in a general way.

Decryption:

For decrypting the ConnectionString section in Web.Config file, we will need to use the aspnet_regiis.exe tool that was used for encryption.

Syntax:

aspnet_regiis.exe -pdf “connectionStrings” “<Path of the Folder containing the Web.Config file>”

This command requires 3 arguments:

–pdf: It represents the action to be performed. In order to perform Decryption, the parameter value is -pdf.
connectionStrings: It represents a section of the Web.Config file to be decrypted. For this case, the value will be connectionStrings.
Path of Folder: Here we need to provide the path of folder that containing the Web.config file

Example:

aspnet_regiis.exe -pdf “connectionStrings” “D:\Project\TestWebsite”

Above command will decrypt the all the Connection Strings in the connectionStrings section of Web.Config file.

Encrypt and Decrypt Connection String in Web.config

Note: ConnectionStrings can be decrypted on the same machine where we perform encryption.

Thanks for reading!

DotNetCrunch

DotNetCrunch is a popular blog for latest Microsoft® technologies which is aimed for beginners and intermediate level professionals.