Encrypting connection strings in config file used on multiple machines C# WPF

Question

5.00/5 (1 vote)

See more:

, +

At the moment I am storing my connection strings in my app.config file in plain text. Bad practice, I know, and I am trying to encrypt them instead. I've referred to https://msdn.microsoft.com/en-us/library/ms254494(v=vs.110).aspx and haven't had an issue with getting the app.config part working on my machine.

What I have tried:

My issue is when I come to use this on another machine. As the config file they are using has come from my machine, only my machine can decrypt the connectionstrings.

I cannot see past this and come up with a solution that allows the users machine to encrypt the config file without having an unencrypted version on their machine first.

Is there a solution that allows the users to encrypt the file themselves?

Posted 6-Oct-16 4:20am

DRD94

Updated 6-Oct-16 6:40am

Add a Solution

Comments

Rob Philpott 6-Oct-16 11:31am

Not necessarily bad practice to my mind - unless you have credentials in there - do you?

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Answer 1 · 2016-10-06T05:32:00

Solution 1

https://msdn.microsoft.com/en-us/library/ff650304.aspx#paght000006_webfarmscenarios[^]

Posted 6-Oct-16 5:32am

F-ES Sitecore

#realJSOP · Answer 2 · 2016-10-06T06:40:00

How are you encrypting the connection string?

The way I do it is encrypt the string, and copy the encrypted version into the config file. Then, I have an assembly that I can distribute that knows how to decrypt it (it contains the encryption info). If you want to decrypt the encrypted string, you have to have include that assembly in your app, and follow some simple steps to decrypt the string.

Of course, if a programmer is using the assembly, they can always inspect the decrypted connection string in the process of using a SqlCommand object, so I 'm not sure there is any benefit to encrypting it unless it's simply to prevent non-programmers from seeing it in the config file.