Security :: Connection String In Web.config - Insecure?

Jul 16, 2010

My boss does like storing the connection string and credentials in the web.config - even when its encrypted.

He also doesnt want the IIS box and SQL box to both be in the same domain, or have trusted domains.

Is there a more secure method of connecting to SQL? Is there some kind of token login?

View 3 Replies


Similar Messages:

Security :: How To Make MVC View Insecure Via Location Tag In Web.Config

Oct 10, 2010

I have the following authorization settings in my web.config:

[Code]....

This deny's all anonymous access to the application accept the login page. In addition to this I am using authorization within each controller action via a custom authorize attribute.

I have one additional action that I would like to expose publicly in addition to the login page. This action does not have the authorize attribute on it. I have tried to make this view (resetPassword view) public by using the location tag in the web.config file like so:

[Code]....

In the path attribute above I have tried both the view as well as the action path, but it doesnt allow public access to the action.

I have even tried to put this view in a separate folder within the shared folder and put a separate web.config file to make that folder public like so:

[Code]....

None of the above configuration allow me to make this particular action (view) public. Can anyone suggest any other solutions, or what I may be doing wrong in this case?

View 5 Replies

Security :: MembershipUser In Different Connection String Then Is In Web.config?

Mar 4, 2010

MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text);In web.config i have connection string but i would like to use MemBershipUser on different connection string.

View 1 Replies

Security :: Login Controls And Connection String In Web.config?

Feb 16, 2010

I have been searching internet in order to secure my connection string in the web.config file and setting the Login controls connection strings in runtime

TEverything about encrypting connection strings works fine on local machine. I can do it programmatically and on aspnet_regiis.exe

My questions are How can I set the connection string to any login control in runtime? How can I encrypt my connection string on my shared hosting ?How can I use aspnet.regiis.exe to encrypt my config file on shared hosting ? How to define the commands ?If I can find a solution to my 1st question, 2nd doesnt matter anymore.

View 4 Replies

Security :: Encrypting Config File's Connection String And Keys?

Sep 23, 2010

Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?

View 10 Replies

Security :: How To Encrypt Connection String In Web.config On A Shared Hosting

Jun 1, 2010

I have looked for ideas on this and read several posts but none of them seems to be because the problem is that web.com (my host) doesnt allow us to update web.config on their server programmatically. I can use example codes and encrypt them on my local pc but heres the error i get when I run them on the live site:

An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config)

View 2 Replies

Security :: Encrypting Connection String In Web.config In Shared Hosting Environment?

May 27, 2010

My problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.

From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting providers IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.

View 2 Replies

Provider Connection String Of Entity Framework Be Substituted With A DB Connection String Already Defined In Web.config?

Feb 2, 2011

I have a db connection string 'ApplicationServices' defined in the connectionString section of web.config and 3 Entity Framework connection strings which have the provider connection string attribute with the same connection string as the one in 'ApplicationServices'. Is there a way to reference connectionString in 'ApplicationServices' for the provider connection string attribute of the EF connection string in the web.config, rather than providing the connection string all over again?

View 1 Replies

Web Forms :: How To Access Connection Connection String From Sub Folder Web.config File

Mar 15, 2011

just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.

[Code]...

i tired this but its giving error

[Code]....

View 1 Replies

Making Ado.net Connection Class Or Connection String In Web.config?

Oct 18, 2010

I am preparing for an Access2007 db conversion at the beginning of the year and would like to know what the best process would be for connecting to the sqlserver2005 database. I have read about adding the connection string to the web.config file. I have also read about using ADO.NET and put the connection information into a class and not the web.config file.

I would like to hear from others as to what you have used, are using, or plan on using for a webapp (vs2010), and why so I can get an understanding.

View 3 Replies

Configuration :: Deploy Web.config And App.config Connection String?

May 3, 2010

I have deploy my web site, it contains a project!

in MyWeb there are all the aspx page and some entites datamodel, in MyApp there are the class with function like "getter data from DB" and there is a entity data model.

afeter the deploy, I have only the web.config and the connection string for the entity datamodel....itīs run ok, read/write the data on the DB.

The problem is with MyApp.....after the deploy it is a dll file and I donīt have the app.config and the entity inside it donīt run, not read/write nothing on the DB.

There arenīt error or messager but not read/write the data in the MyApp project.

all run on the iis 7

now...the question is:

I lose the connection string (in app.config) after the deploy?

Can I put a entity in the MyWeb and read it in another project (myApp)?

ps: for connect to DB I use not the c# code:

var db=from x in AccessDB.Example select x;

View 1 Replies

Getting Connection String Out Of App.config

Feb 1, 2011

I added a database to my project. When I did so an app.config file was added to my project. (Yes I know I have dangerous info in the connection string. I shall change that but for now I am messing around with test stuff.)

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
</configSections>
<connectionStrings>
<add name="NyStories.Properties.Settings.storyConnectionString"
connectionString="Data Source=|DataDirectory|story.sdf;Password=driver;Persist Security Info=True"
providerName="Microsoft.SqlServerCe.Client.3.5" />
</connectionStrings>
</configuration>

I did a google search on how to get the connection string value and found. string sConn = ConfigurationSettings.AppSettings["ConnectionString"]; I am getting a warning that this is obsolete. It has been replaced by ConfigurationManager.AppSettings. Ok Fine. According to the docs, it is also in System.Confiuguration which I already have a using statement for above. But when I attempt to use it, it is not part of the assembly.

View 4 Replies

MVC :: More Than One Connection String In Web.config?

Feb 14, 2011

My web application has to retrieve database from more then two difference sql server.

for example, one from localhost, one from different server ip.

all firewall setting was finished, but i just dont know how to code and use it.

here is my web.config :

[Code]....

this defines only one database in my localhost.but i need to call different connection strings each time i need.

how do i implement this?

View 4 Replies

Read Connection String From Web.config

Jan 28, 2011

I called the string in my Data layer

string connectionName = System.Configuration.ConfigurationSettings.AppSettings["Connection"].ToString();

now how could call it in SqlConnection con

View 11 Replies

Where To Store Connection String In Web.Config

Mar 25, 2011

We can store Connection String in Web.config file in two ways One is

<connectionStrings>
<clear/>
<add name="LocalSqlServer"
connectionString="Data Source=(local);Initial Catalog=aspnetdb;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>

Other One is

<appSettings>
<add key="ConnectionString"
value="server=localhost;database=Northwind;uid=sa;password=secret;" />
</appSettings>

Now I want to know What is difference between these two approach? Which one is better way? What are their limitations?

UPDATE:Can you explain that <connectionString> has any significant advantage over <appSetting>?

View 5 Replies

Configuration :: Is Possible To Have More Then One Connection String In The Web.config

Oct 19, 2010

I have been preparing for a conversion of an old application to an ASP.NET webapplication at beginning of the year. Generally, the development version of the webapp will also be the webapp that goes into production. We here make "clones" of the database server, assign new name, etc, which is then used for development, training, and so on without any threat of changing data on the real db (sql server 2005). I know it is possible to have more then one connection string in the web.config. My question centers around if there is a simple method for allow multiple connection strings and pick the one that is to be used for dev, production, training, and so on? I originally thought about constructing some type of admin form that the connection string can be selected from.

View 2 Replies

C# - Add And Access Connection String From Web.config?

Nov 18, 2010

I want to add connection string to connect to mysql in web.config and access the same in my code c# how can i do this?

here is my code onclick of a button to connect to database.

protected void Button2_Click(object sender, EventArgs e)
{
String a = DropDownList1.SelectedItem.Value;
String b = DropDownList3.SelectedItem.Value.PadLeft(3, '0');

[Code]....

View 2 Replies

Configuration :: Get Sql Connection String From Web.config?

Dec 15, 2010

I have an app that is a bit old and will eventiall be rewritten but until I get the time it needs to continue to be patched. THe app is desgined broken into three layers (Web, DAL, BLL) The web site uses the DAL.DLL and BLL.DLL and the Website has some dataaccess and the sonnection string is saved in the web.config. For the DAL it is stored in the app.settings. Is there a way for the DAL to use the connection string that is stored in the Web.config even thought it is in DLL for the production site?

View 2 Replies

How To Write Connection String In Web.config File

Jul 30, 2010

how to write connection string in app.config file in vb.net windows application and how to call connection string in forms

View 2 Replies

VS 2008 OleDb Connection String In Web.Config

Aug 14, 2010

How to put an OleDB Connection String in Web.Config I wrote the following code but getting error

Code:
<appSettings>
<add key="ConnectionString"
value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("~/App_Data/AMS.MDB")" />
</appSettings>

Getting error while concatenating a string Data Source=" & Server.MapPath

View 4 Replies

What Is The Correct Format To Add A Db2 Connection String In A Web.config

Jul 28, 2010

would the web.config/machine.config connection string look something like this:-

<connectionStrings>

<add name="DB2dbname" connectionString="Data Source=Db2servername;uid=my userId;pwd=myuseridpawd;mode=SHARE;dbalias=DB2TEST " providerName="System.Data.OleDb.OleDbConnection"/>

View 1 Replies

Finding About Connection String In Web.config File

Jan 15, 2010

why we use connection string in web.config file??? Or what is the benefit of using connection string in web.config file?

View 7 Replies

What's Machine Config - Trying To Keep Each Connection String For Each User

Mar 9, 2010

I am doing a web project in asp.net. Now I am trying to keep each connection string for each user. And the user can decide which server he prefer. How to change this dynamically and where can I store this?. I happen heard about machine.config .Unfortunately i am not familiar with this. Can you just tell what it is and it's use.

View 3 Replies

Auto Encryption Of Web.config Connection String?

Apr 20, 2010

I want to encrypt the connection string in web.config, the problem is each time a developer changes the connection string in web.config and publishes, it needs to be encrypted every time in the web server. Is there any way that the connection string can encrypted automatically every time someone publishes it?

Note :- All of us work on our local machines other than the server. So encryption using local machine key is not an option.

View 1 Replies

SQL Server :: Connection String In Config File?

Aug 6, 2010

I am having trouble connecting to a ms sql database on the server. The hosting company said that the .sql file was imported successfully, but when I try to use the 'login' or 'create account' features im getting an error page saying:

Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. make sure the user has a local user profile on the computer. The connection will be closed.

I am sure all the connection info is correct so it is really frustrating trying to work the problem. I have listed the connection string in my web.config file to see if anyone can see anything wrong with it.

View 4 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved