Members

Technology Zones

Articles

Hosted By

MaximumASP

Info
Rated
Read 13,327 times
0 comments

Contents

Related Categories

Edit and Encrypt Web.Config sections using C# 2.0 - Encrypting sections in Web.Config file

habeeb_matrix007

Encrypting sections in Web.Config file

Now comes the security issues. At times there comes the necessity for protecting sections of config file. In .NET 2.0 there are options available to encrypt sections of Web.config file programatically. The following method encrypts the "appSettings" section in Web.config file. 

private void EncryptAppSettings()  
{
	Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
	AppSettingsSection objAppsettings = (AppSettingsSection)objConfig.GetSection("appSettings");
	if (!objAppsettings.SectionInformation.IsProtected)
	{
		objAppsettings.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
		objAppsettings.SectionInformation.ForceSave = true;
		objConfig.Save(ConfigurationSaveMode.Modified);
	}
}

The code above opens Web.Config file for modification. It then retrieves the "appSettings" section. The ProtectSection() method of SectionInformation class marks the configuration section for protection. It accepts the name of the protection provider to be used for the encryption. The ForceSave property indicates if the specified configuration section will be saved even if it has not been modified. Finally the Save() of the Configuration object writes the configuration settings to the Web.config file. The argument to the Save() method indicates the only properties modified need to be written to the physical file.

Decrypting sections of web.config file through code is very identical. The UnprotectSection() method of SectionInformation class removes the encryption from the configuration section. 

private void DecryptAppSettings()
{
	Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
	AppSettingsSection objAppsettings = (AppSettingsSection)objConfig.GetSection("appSettings");
	if (objAppsettings.SectionInformation.IsProtected)
	{
		objAppsettings.SectionInformation.UnprotectSection();
		objAppsettings.SectionInformation.ForceSave = true;
		objConfig.Save(ConfigurationSaveMode.Modified);
	}
}
This encrytion and decryption functionality can be applied to other sections of web.config file also. It comes in use mostly for "connectionStrings" section where usually the user name and password would be specified. This can done by creating a ConfigurationSection object. An example for "connectionStrings" section is listed below. 
ConfigurationSection objConfigSection = objConfig.ConnectionStrings;
ConfigurationSection class represents a section within the configuration file. Configuration class has propertes for each configuration section. This property can be used to get respective ConfigurationSection objects. This is an alternative to the usage of GetSection() method of Configuration class.

Mohammed Habeeb works as a software developer for an India based CMMI L5 Business Solutions Provider InApp Information Technologies situated at technopark. He holds a bachelors in Computer Science Engineering from MES College, Calicut University. He is also a Microsoft Certified Application Developer (MCAD) in .NET Framework. He has a strong inclination towards Microsoft technologies especially the .NET Platform. He is an active member of Microsoft user group, Cochin since 2004. He has a strong passion for science and technology. His interests span through travelling, driving, photography, stamps and coin collection.

Comments

Read Comments | Post Comment