Security :: How To Encrypt Connection String In Web.config On A Shared Hosting
Jun 1, 2010
I have looked for ideas on this and read several posts but none of them seems to be because the problem is that web.com (my host) doesnt allow us to update web.config on their server programmatically. I can use example codes and encrypt them on my local pc but heres the error i get when I run them on the live site:
An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config)
My problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.
From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting providers IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.
I have developed an e-comm web site in asp.net with sql server as a database. Now I want to upload that web site with DB to hosting server. This is my first web hosting and I don't know how to do it.
I've created the DB script to recreate the DB at the hosting server, but I don't know how to run it on server.
What changes need to be done in my connection string in web.config file for connecting the DB which will be on hosting server.
I also have ftp client "Filezilla" which i am able to use for uploading static html pages on server.
I want to encrypt my web config when i deploy it to server so that the username and password of database is secured. I've tried some of the encryption and it did'nt work. here is my code.Â
MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text);In web.config i have connection string but i would like to use MemBershipUser on different connection string.
I have been searching internet in order to secure my connection string in the web.config file and setting the Login controls connection strings in runtime
TEverything about encrypting connection strings works fine on local machine. I can do it programmatically and on aspnet_regiis.exe
My questions are How can I set the connection string to any login control in runtime? How can I encrypt my connection string on my shared hosting ?How can I use aspnet.regiis.exe to encrypt my config file on shared hosting ? How to define the commands ?If I can find a solution to my 1st question, 2nd doesnt matter anymore.
Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?
I have a db connection string 'ApplicationServices' defined in the connectionString section of web.config and 3 Entity Framework connection strings which have the provider connection string attribute with the same connection string as the one in 'ApplicationServices'. Is there a way to reference connectionString in 'ApplicationServices' for the provider connection string attribute of the EF connection string in the web.config, rather than providing the connection string all over again?
i am currently developing an asp.net mvc 2 web application and i would like to create new foldersprogrammatically with access rights, in order to enable loged on users upload their image files.My question has to do with how to assign write access using Directory.CreateDirectory function and assigning DirectorySecurity rules (meaning for which user should i enable user rights, etc...). Note that the hosting envirnoment uses IIS 7.
just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.
I have created a web site in Visual Web Developer 2008 Express Edition. I have created database using SQL Server Express. The web site works good. I have hosted the web site, then getting error in connecting to database.
The connection string is < add name="QkINDUSConnectionString" connectionString="Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|QkINDUS.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
know what is the correction i need to make in ConnectionString ?
I am preparing for an Access2007 db conversion at the beginning of the year and would like to know what the best process would be for connecting to the sqlserver2005 database. I have read about adding the connection string to the web.config file. I have also read about using ADO.NET and put the connection information into a class and not the web.config file.
I would like to hear from others as to what you have used, are using, or plan on using for a webapp (vs2010), and why so I can get an understanding.
in MyWeb there are all the aspx page and some entites datamodel, in MyApp there are the class with function like "getter data from DB" and there is a entity data model.
afeter the deploy, I have only the web.config and the connection string for the entity datamodel....itīs run ok, read/write the data on the DB.
The problem is with MyApp.....after the deploy it is a dll file and I donīt have the app.config and the entity inside it donīt run, not read/write nothing on the DB.
There arenīt error or messager but not read/write the data in the MyApp project.
all run on the iis 7
now...the question is:
I lose the connection string (in app.config) after the deploy?
Can I put a entity in the MyWeb and read it in another project (myApp)?
look at the step 5 at "Using the Example Provider in an ASP.NET Application" element , I entered the command "
aspnet_regiis.exe -pe "connectionStrings" -app "/SessionState" -prov "TripleDESProvider" " at the windows command line, it asked me "The protection provider 'TripleDESProvider' was not found"
I make sure the files keys.snk and keys.txt are in the same folder and the file web.config is correct. Who can tell me the reason for the error and how do I handle with it?
Our conn strs reside in an external file <connectionStrings onfigSource="ConfigurationConnectionStrings.config" />Is there a way to encrypt this external file either using aspnet_regiis or System.Configuration?
