encrypt app.config connectionStrings without decryption

Question

I know this may be an old question, and there are a lot of discussion about this issue, but all answers do not help me because there are decrypt method as well

I want to encrypt app.config file so no one can see my stringConnections
I know using

aspnet_regiis -pef "connectionStrings" <"path">

after changing app.config to web.config and renaming it again after encryption

but as it's Windows Application that means encrypted app.config will be within app directory
so, everyone who can access it, which is simply everyone can always decrypt it using

aspnet_regiis -pdf "connectionStrings" <"path"> <br>

so, how can I protect it somehow that no one can decrypt it, and only my app can use it

Answer 1

Bad news: You got yourself into trouble here because the place you have chosen is accessible to both your app and all people and apps with access to the same location. This means: if your connection strings are decrypt-able by your app, everyone else can with access to the encrypted data.

Good news: I had the same issue and solved it by changing the location of where my configuration data was located, including my connection strings. I moved the information from the web.config into a configuration service. This way my application had access to the service, like every other app and person, but only my app could provide the correct authentication.

In essence: encryption/decryption may not be the solution you need, but authorization is an alternative: restrict access.