Hi Jim,
Since you're using 2.0, you don't have to reinvent the wheel! The encryption
function is built in for you to store connection strings securely.
Here's a great tip from the Tips and Tricks in this video:
http://download.microsoft.com/downlo...tips_final.wmv
Add your connection string to your web.config as normal. For example, here's
mine:
<connectionStri ngs>
<add name="Adventure Works_DataConne ctionString1" connectionStrin g="Data
Source=.\SQLEXP RESS;AttachDbFi lename="C: \Program Files\Microsoft SQL
Server\MSSQL.1\ MSSQL\Data\Adve ntureWorks_Data .mdf";Inte grated
Security=True;C onnect Timeout=30;User Instance=True"
providerName="S ystem.Data.SqlC lient" />
</connectionStrin gs>
Create a page to do the encryption/decryption:
<%@ Page Language="VB" %>
<%@ import namespace="Syst em.Web.Configur ation" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<script runat="server">
Protected Sub EncryptConfig(B yVal bEncrypt As Boolean)
Dim path = "~/"
' Use the WebConfiguratio nManager to open
' the local web.config file
Dim config As Configuration = _
WebConfiguratio nManager.OpenWe bConfiguration( path)
' Get the connectionStrin gs section
' from the web.config file
Dim appSettings As ConfigurationSe ction = _
config.GetSecti on("connectionS trings")
If bEncrypt Then
' Encrypt the string using ProtectSection
appSettings.Sec tionInformation .ProtectSection _
("DataProtectio nConfigurationP rovider")
Else
'Decrypt the string using UnprotectSectio n
appSettings.Sec tionInformation .UnprotectSecti on()
End If
'Save the changes
config.Save()
End Sub
Protected Sub Button1_Click _
(ByVal sender As Object, ByVal e As System.EventArg s)
EncryptConfig(T rue)
End Sub
Protected Sub Button2_Click _
(ByVal sender As Object, ByVal e As System.EventArg s)
EncryptConfig(F alse)
End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitl ed Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:sqldatasou rce id="SqlDataSour ce1" runat="server"
connectionstrin g="<%$ ConnectionStrin gs:AdventureWor ks_DataConnecti onString1
%>"
deletecommand=" DELETE FROM [Employee] WHERE [EmployeeID] =
@EmployeeID" insertcommand=" INSERT INTO [Employee] ([NationalIDNumbe r],
[ContactID], [LoginID], [ManagerID], [Title], [BirthDate], [MaritalStatus],
[Gender], [HireDate], [SalariedFlag], [VacationHours], [SickLeaveHours],
[CurrentFlag], [rowguid], [ModifiedDate]) VALUES (@NationalIDNum ber,
@ContactID, @LoginID, @ManagerID, @Title, @BirthDate, @MaritalStatus,
@Gender, @HireDate, @SalariedFlag, @VacationHours, @SickLeaveHours ,
@CurrentFlag, @rowguid, @ModifiedDate)"
providername="< %$
ConnectionStrin gs:AdventureWor ks_DataConnecti onString1.Provi derName %>"
selectcommand=" SELECT [EmployeeID], [NationalIDNumbe r],
[ContactID], [LoginID], [ManagerID], [Title], [BirthDate], [MaritalStatus],
[Gender], [HireDate], [SalariedFlag], [VacationHours], [SickLeaveHours],
[CurrentFlag], [rowguid], [ModifiedDate] FROM [Employee]"
updatecommand=" UPDATE [Employee] SET [NationalIDNumbe r] =
@NationalIDNumb er, [ContactID] = @ContactID, [LoginID] = @LoginID,
[ManagerID] = @ManagerID, [Title] = @Title, [BirthDate] = @BirthDate,
[MaritalStatus] = @MaritalStatus, [Gender] = @Gender, [HireDate] =
@HireDate, [SalariedFlag] = @SalariedFlag, [VacationHours] = @VacationHours,
[SickLeaveHours] = @SickLeaveHours , [CurrentFlag] = @CurrentFlag, [rowguid]
= @rowguid, [ModifiedDate] = @ModifiedDate WHERE [EmployeeID] = @EmployeeID"
<insertparamete rs>
</asp:sqldatasour ce>
<br />
<asp:butt on id="Button1" runat="server"
onclick="Button 1_Click" text="Encrypt" />
<asp:button id="Button2" runat="server" text="Decrypt"
onclick="Button 2_Click" /></div>
</form>
</body>
</html>
When you click the button, it'll rewrite your web.confg so it comes out like
this:
<connectionStri ngs
configProtectio nProvider="Data ProtectionConfi gurationProvide r">
<EncryptedDat a>
<CipherData>
<CipherValue>AQ AAANCMnd8BFdERj HoAwE/Cl+sBAAAAvr6cdq mKpka7y4ANmye/agQAAAACAAAAAAA DZgAAqAAAABAAAA Cbkzyh+9L59AVsW p1bn82FAAAAAASA AACgAAAAEAAAABp/xn/8HNqFjsuaLbZh9m fIAwAAR2T/I3+F9GlSFg7Xobu y5PgowpxKUztdni 9bmqi/JSgWtSxq4ziH+YQ Ro2FxYBhfdS54nG md01O7gEE+B1SPY A/bRn7pd6O+ZndTJ3 8CzOFj9vW17HWlQ O2QX13B7yiUVOiQ YJJwPdpjjCNZNT5 voItZEHrp5L9UWf +lI6Jpv/BTPDQBPH+OX9sq3 mpDdkfrySC/Jdt6pqhKnlab6Iy wRtQYvR4YTtnO0y xSnh9PM9CUbCIKE LWS9gu1mGAzQYVR m/RxRI4C1AXk8GoMw 9kr1o385JP0e6Vv qdlxdReGuWYfmBb AzxPKhPGp/YhQgvnuvz7g11Qn Mbq8YlYOjIOaXvN FYR9kZAVkbYzTy9 p0b9LlPegc5PtEv lTzyUXTN3lub52U B1bz5E8PpPr+E4T uu86N7c5dynXpNG ax+PsdzhZ/+/Dw93RLIVuPIod9V ielYRt8IiDQqI54 gmKq/ufxxri2vH0VnSMv j1eQHBtSyAM04Ws odoZS6SARQWnN6H PPNGmimPpY+nrKu MEEd0g6fv2YM//aa57Y351NzUaduh vXJIgjiRDjDLa0I wU9wCF0NKBibPJQ mJDj/kD0yY1ct8V3THqA LV9ptZp0Zh7Yosb tdN/xROca2H550cr2bp Kl7X5+oVcvp7pXZ k2tCm7V/rVIfUdb8YbDfWvN EO5RoWK7tJWiD8Z oGZ+5q4bQu8lMCu HPHMXhryyQ7kyhM rJWAjH3+WDulPaG RhS5v6A68lWeEol 0x5KfwDZ/gHWsFd5hc08pfar NInWbmnwnx8nf9Q VY8ub8xb8Ep8lQB xEUXEkmEPrSr7Pr hKGuDTImuDvwAtv rxI04oZ1hvXL6I7 FVAH0ZOgcLcnrbg flMmvJ8A1/3rllfNmE6nmoHyQ i9ZPuGq5Ro1cy66 GD53Tb++Q0IkErf Jj6qtiHhiJrYswz T1FHq+sdyV1j1JK cbiK2Bi2PtlTaKo 0ZMan3QqBhvSWnO yN7pguoKT62puRt vJgK5OVXZQ0mgi0 U+i5Eqp8+MT9hwb 4Hp9QPSEVBnzlJS tTOw8kTKXYtbA8O BAqMe3IG3Obshzs 7YQCcWJbXkY5GK+ BFDy2x80xbWSxmM 7qcL6BgWKOm6+wd 3OixeBLp16xQ4HG +Sc1AhK+t5Zq5mp 6mc508FeDpBA4HS oSqcBUPHF5PVStg QKEqMUX8Mz0g2BW yMYG15UbjvuBT7p miBYXChm+c7rSb+ FjW+rabpfuyNlnP 0raENQ6tUsJZr6M GKKzqQdiWwCVT9M cyU6YPBxNWoTwCK Zc+ueBk6YTkUAAA AH0zOlWabm9II/PQgC5sPjR5Lcko= </CipherValue>
</CipherData>
</EncryptedData>
</connectionStrin gs>
"Jim Andersen" <no****@nospam. dk> wrote in message
news:Ow******** ******@TK2MSFTN GP12.phx.gbl... Hi,
I would appreciate if someone could explain this behaviour, and maybe
offer a better solution.
I have been working with the GridView control. And SqlDataSource. It works
great if I do:
<asp:SqlDataSou rce ConnectionStrin g="yada yada yada" etc etc />.
I can hook up a GridView to the sqldatasource and view/edit/add records.
But this isn't very secure.
I saw that I could do:
ConnectionStrin g="<$ point_to_web.co nfig key >"
It also works. And I can do some weak encryption of the web.config.
But I have a function that decrypts a strongly encrypted ConnectionStrin g,
so I wanna use that.
I found out that I could do:
ConnectionStrin g="<%# GetConnStr() %>"
However, that only works if I in the page_load do:
Databind()
But now I can't do any edit's in the GridView. And if I remove the
Databind(), (or even wrap it in a "if not ispostback") I get a
"connectionstri ng not initialized" error message.
So in my page_load I now do
if me.gridview1.sq ldatasource <> GetConnStr() then
me.gridview1.sq ldatasource <> GetConnStr()
endif
but I don't think it's "clean" and it might get me into trouble later ?
Like the DataBind() that screwed up my editing capabilities.
/jim