Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?
View 10 RepliesMy problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.
From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting providers IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.
When I try to encrypt the "connectionStrings" section in the web.config file of my asp.net web application on Windows Server 2008, I'm getting the following error:
Administration utility (2.0.50727) to install and uninstall ASP.NET on the local machine. Copyright (c) Microsoft Corporation. All rights reserved. Note: This utility has limited capabilities on the Windows Vista operating system. It is recommended that you use the "Turn on or off Windows features" option of the "Programs" component of Control Panel to install or remove ASP.NET. It is also recommended that you use the IIS Manager component or the Appcmd.exe tool to configure ASP.NET applications.
The above information is followed by the list of valid options to aspnet_regiis.exe.
The command that I've used is:
aspnet_regiis.exe -pef "connectionStrings" "C:Usersuser1DocumentsMywebsite" -prov "DataProtectionConfigurationProvider"
But, the same command is working fine when used on a Windows Server 2003 machine. The problem is occurring only on Windows Server 2008 with IIS7.
just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.
[Code]...
i tired this but its giving error
[Code]....
MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text);In web.config i have connection string but i would like to use MemBershipUser on different connection string.
View 1 RepliesMy boss does like storing the connection string and credentials in the web.config - even when its encrypted.
He also doesnt want the IIS box and SQL box to both be in the same domain, or have trusted domains.
Is there a more secure method of connecting to SQL? Is there some kind of token login?
I have been searching internet in order to secure my connection string in the web.config file and setting the Login controls connection strings in runtime
TEverything about encrypting connection strings works fine on local machine. I can do it programmatically and on aspnet_regiis.exe
My questions are How can I set the connection string to any login control in runtime? How can I encrypt my connection string on my shared hosting ?How can I use aspnet.regiis.exe to encrypt my config file on shared hosting ? How to define the commands ?If I can find a solution to my 1st question, 2nd doesnt matter anymore.
how to write connection string in app.config file in vb.net windows application and how to call connection string in forms
View 2 Replieswhy we use connection string in web.config file??? Or what is the benefit of using connection string in web.config file?
View 7 RepliesI am having trouble connecting to a ms sql database on the server. The hosting company said that the .sql file was imported successfully, but when I try to use the 'login' or 'create account' features im getting an error page saying:
Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. make sure the user has a local user profile on the computer. The connection will be closed.
I am sure all the connection info is correct so it is really frustrating trying to work the problem. I have listed the connection string in my web.config file to see if anyone can see anything wrong with it.
I have this in the web config file <connectionstrings> section. Why is there an add and then remove and then again an add...what is it trying to accomplish here? and in the second code section, I use that string in a sqldatasource control. Second question: Can I just use the name attribute value "localsqlserver" form web config file, in place of the connection string in the data source? is it why that attribute is for?
[Code]....
I have looked for ideas on this and read several posts but none of them seems to be because the problem is that web.com (my host) doesnt allow us to update web.config on their server programmatically. I can use example codes and encrypt them on my local pc but heres the error i get when I run them on the live site:
An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config)
My requirement is to save the connection string of database that will be provided to be me by user on form, which can be modified lator.
i need to know how and where i should store the connection string permanently which will be used lator to connect to database.
I have written the web.config for same server without username and server and its working.
but not been able to provide the username and password in web.config file.
Following is my web.config for Server:
[Code]....
I have to write another web.config for client application with username and passoword. how could i use it.
server name is "BM", User is "Sa" and Password is "abc"
How to programmatically write an encrypted connectionString to a Web.Config file?
View 5 RepliesI have a db connection string 'ApplicationServices' defined in the connectionString section of web.config and 3 Entity Framework connection strings which have the provider connection string attribute with the same connection string as the one in 'ApplicationServices'. Is there a way to reference connectionString in 'ApplicationServices' for the provider connection string attribute of the EF connection string in the web.config, rather than providing the connection string all over again?
View 1 RepliesI'm running into a really annoying problem with my Linq to SQL project. When I add everything in under the web project everything goes as expected and I can tell it to use my existing connection string stored in the web.config file and the Linq code pulls directly from the ConfigurationManager.
This all turns ugly once I move the code into its own project. I've created an app.config file, put the connection string in there as it was in the web.config but when I try to add another table in the IDE keeps forcing me to either hardcode the connection string or creates a Settings file and puts it in there, which then adds a new entry into the app.config file with a new name.
Is there a way keep my Linq code in its own project yet still refer back to my config file without the IDE continuously hardcoding the connection string or creating the Settings file? I'm converting part of my DAL over to use Linq to SQL so I'd like to use the existing connection string that our old code is using as well as keep the value in a common location, and one spot, instead of in a number of spots.
Manually changing the mode to WebSettings instead of AppSettings works untill I try to add a new table, then it goes back to hardcoding the value or recreating the Settings file. I also tried to switch the project type to be a web project and then rename my app.config to web.config and then everything works as I'd like it to. I'm just not sure if there are any downfalls to keeping this as a web project since it really isn't one. The project only contains the Linq to SQL code and an implementation of my repository classes.
My project layout looks like this
[code]....
Every time I try to make the default constructor look like the first way, it always auto changes back to the second way once I make a change to the file unless the DBML is inside of a web project.
I will explain the my current yet simple architecture of my application(s). At the moment I have my main web application as a separate project. I then reference the CoreBLLDAL (Business Logic and Data Access) Project so that several projects can have access to the BLL/DAL Project.
Within the CoreBLLDLL Project I use TableAdapters for my DAL.
I have just upgraded to VS2010 and I would like to make use of the Config Transforms, allowing me to have a separate web.config for test and production - however, TableAdapter get the connection string from the Settings.settings file.
How can I change the TableAdapters to get the connection string from the app/web.config file? I read that you can change this within the designer file for the TableAdapters by using ConfigurationManager, however, I tried this but I do not have access to the ConfigurationManager namespace. I presume this is because the project is a class library and not a web application - I am not too sure.
How can encrypt the web configuration file ... so I don't want the connection name is appeared. How to do ncryption of web config file.
View 1 RepliesI want to encrypt my web config when i deploy it to server so that the username and password of database is secured. I've tried some of the encryption and it did'nt work. here is my code.
Imports System.Collections.Generic
Imports System.Text
Imports System.Configuration
[Code].....
I am wondering how to encrypt the below information in the "web.config" file of the "Account" folder (where we have the secured pages):
[Code]....
My issue here is that even after I compiled my application (using "aspnet_compiler -v /reports c:
eports"), the information inside the web.config file of the Account folder still not encrypted, and I want to publish my site to the customer server. So, since this server is a customer server, then they can access this "web.config" file and change our web-application security behaviour (correct me if I am wrong). Basically, I don't want the customer to even have access to our secured pages when they access our web-application using the web browser. How to solve this issue?
I have written a couple methods that encrypt and decrypt the appSettings section of my web.config file using the WebConfigurationManager. I just hooked up the methods to the page_load event to test that it works, which it does. Now I need to deploy to a web farm and need advice. What is the best way to make it so I can encrypt, but more importantly decrypt the web.config when I need to? I thought about putting a hidden page with "encrypt" and "decrypt" buttons, but that seems risky. What is the "accepted" method for rolling out something like this?
View 1 RepliesAny section in my web.config file that I want to encrypt I run this command line util:
aspnet_regiis -pe "anySection" -app "/SampleApplication"
It all works just fine until I try encrypt my connectionStrings sections
I define (and I cannot change this) my connectionStrings section like this:
[code]....
Is there a way of doing this using the aspnet_regiis util? Doing it with code is not an option for me.
Also is there a way to run this untility without specifing the application (-app "/SampleApplication") instead giving the path to the web.config file?
If I encrypt something in my config file using aspnet_regiis.exe -pef "appsettings" "path" which i think will use my logged in id's credentials. If i deploy this application on some other machine where some other user id is used to login. Will there be any issues or .......?
View 1 Repliesshare your thoughts if there is any way to encrypt app.config section with out changing code? I know that we can use aspnet_regiis.exe to encrypt the web.config file.
I came across some blogs to rename app.config to web.config and run aspnet_regiis -pef command. I am able to create an encrypted version of app.config file but application failed to read the keys from encrypted app.config. so this approach didnt work for me.