Reputation:
I know how to use System.Configuration.SectionInformation.ProtectSection
to encrypt and decrypt connection string in app.config
(VS 2010
, C#
, .Net 3.5
), however I suppose that any one who know this method can take the encrypted string and decrypt it, right?
If not, please tell me why. If yes, is there any work around? I searched but could not find any help.
Upvotes: 2
Views: 458
Reputation: 4608
To decrypt connection string info you can use below method:
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
config.Save();
}
Read the full information from this article.
Upvotes: 0
Reputation: 6902
When a string is encrypted it uses a certificate installed on the machine to perform the encryption so you would need the string and the machine key to decrypt it.
The full instructions on encrypting sections of the configuration are on MSDN.
Upvotes: 1