473,324 Members | 2,400 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

encrypting connection strings for network installed application

I have an application which is installed on a network share to be run
from one or more workstations. I have granted trust to the
applications on the workstations and the appropriate permissions on the
shared folder and the user's can execute the app with no problem.

I do have a problem, however, after the application starts. In the
application's .config file, the connectionStrings section of the file
is encrypted upon first run of the app (this is temporary). When
encrypted, the connectionStrings section can only be successfully
decrypted on the machine that first encrypted it. Other workstations
will not be able to run because they cannot decrypt the
connectionStrings section.

Here is the code used to encrypt the connectionStrings section of the
..config file:

//Encrypts the connectionStrings section of the .config file if
not already
static void ConfigEncryption()
{
string exeName = Assembly.GetExecutingAssembly().Location;

// Open the configuration file and retrieve
// the connectionStrings section.
Configuration config =
ConfigurationManager.OpenExeConfiguration(exeName) ;

ConnectionStringsSection section =
config.GetSection("connectionStrings") as ConnectionStringsSection;

//If the section is not already encrypted
if (!section.SectionInformation.IsProtected)
{
// Encrypt the section.

section.SectionInformation.ProtectSection("RsaProt ectedConfigurationProvider");

// Save the current configuration if we encrypted it
config.Save();
}
}

I believe my problem stems from the fact that when encrypted, the
encryption keys used are based on the machine that did the encrypting.
Other machines, because they do not have the keys, cannot decrypt the
connectionString. Somehow, I need to let the other workstations know
how to decrypt the connectionString section of the .config file.

Can anyone suggest any means to do what I want? What I want is the
following:

1. Be able to run the app from a network share from one or more
workstations.
2. Be able to encrypt the connectionStrings section of the .config
file.

Thanks for any information,

Chris

Aug 10 '06 #1
5 2448
Well, have you tried looking into the DpapiProtectedConfigurationProvider? I
suspect you may be able to export the dpapi keys and import them into the
other user's (or machines) profiles. Perhaps. Maybe.

Marc
Aug 10 '06 #2
Marc,

That's not going to work, as I think you have to base it either on the
machine, or the user, both of which will create a problem in this situation.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Marc Gravell" <ma**********@gmail.comwrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...
Well, have you tried looking into the DpapiProtectedConfigurationProvider?
I suspect you may be able to export the dpapi keys and import them into
the other user's (or machines) profiles. Perhaps. Maybe.

Marc

Aug 10 '06 #3
Fair enough; I was thinking of asp.net, where you can use aspnet_regiis with
"-pc -exp" (generate), "-px -pri" (export), "-pi" (import), "-pa" (grant
access) and "-pe" (encrypt) to share the encyption keys around a cluster.

Oh well... sorry if I only added confusion...

Marc
Aug 10 '06 #4
If I may ask. Why not use integrated security, then you don't have to worry
about the connection string?

--
William Stacey [MVP]

"Chris Dunaway" <du******@gmail.comwrote in message
news:11*********************@p79g2000cwp.googlegro ups.com...
|I have an application which is installed on a network share to be run
| from one or more workstations. I have granted trust to the
| applications on the workstations and the appropriate permissions on the
| shared folder and the user's can execute the app with no problem.
|
| I do have a problem, however, after the application starts. In the
| application's .config file, the connectionStrings section of the file
| is encrypted upon first run of the app (this is temporary). When
| encrypted, the connectionStrings section can only be successfully
| decrypted on the machine that first encrypted it. Other workstations
| will not be able to run because they cannot decrypt the
| connectionStrings section.
|
| Here is the code used to encrypt the connectionStrings section of the
| .config file:
|
| //Encrypts the connectionStrings section of the .config file if
| not already
| static void ConfigEncryption()
| {
| string exeName = Assembly.GetExecutingAssembly().Location;
|
| // Open the configuration file and retrieve
| // the connectionStrings section.
| Configuration config =
| ConfigurationManager.OpenExeConfiguration(exeName) ;
|
| ConnectionStringsSection section =
| config.GetSection("connectionStrings") as ConnectionStringsSection;
|
| //If the section is not already encrypted
| if (!section.SectionInformation.IsProtected)
| {
| // Encrypt the section.
|
|
section.SectionInformation.ProtectSection("RsaProt ectedConfigurationProvider");
|
| // Save the current configuration if we encrypted it
| config.Save();
| }
| }
|
| I believe my problem stems from the fact that when encrypted, the
| encryption keys used are based on the machine that did the encrypting.
| Other machines, because they do not have the keys, cannot decrypt the
| connectionString. Somehow, I need to let the other workstations know
| how to decrypt the connectionString section of the .config file.
|
| Can anyone suggest any means to do what I want? What I want is the
| following:
|
| 1. Be able to run the app from a network share from one or more
| workstations.
| 2. Be able to encrypt the connectionStrings section of the .config
| file.
|
| Thanks for any information,
|
| Chris
|
Aug 10 '06 #5
William Stacey [MVP] wrote:
If I may ask. Why not use integrated security, then you don't have to worry
about the connection string?
Well, the simple answer to that is that I don't have control over that.
We just want to prevent casual browsing of the database. Encrypting
the connection string in this manner seemed a very simple way of doing
it.

Aug 11 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Paul Robinson | last post by:
I am developing a website in ASP that connects to a Sybase database. However, when I try to open a connection to the database the page will not load. The script does not timeout, nor the...
4
by: Mike Dole | last post by:
I'm working on a client - server application based on the 'How to Sockets Server and How to Sockets Client' code from the Visual Basic ..NET Resource Kit. Since I want to be able to send 'big...
6
by: Dayne | last post by:
Guys, I am writing a database application(vb.net , sql server) and is presently storing the connection settings in a xml file...not very secure though. What is a safer method in a dynamic...
10
by: Brian Conway | last post by:
I have no idea what is going on. I have a Login screen where someone types in their login information and this populates a datagrid based off of the login. Works great in debug and test through...
1
by: vighnesh | last post by:
Hi All I am dealing a project in ASP.NET in which I have to establish a connection to SQL Server 2000 database,where the database was located on a remote system. For this I have used...
2
by: hfk0 | last post by:
Hi, I have a simple asp.net application running ok on my WinXP development server with SQL Server Express 2005 installed locally. After moving to the live server (Win 2000 server with MSDE 2000...
1
by: girthyvhf | last post by:
Hello all, I am trying to use the example for encrypting connection strings called: How To: Build And Run the Protected Configuration Provider Example. This is located in VS 2005 help at: ...
16
by: crbd98 | last post by:
Hello All, Some time ago, I implemented a data access layer that included a simple connectin pool. At the time, I did it all by myself: I created N connections, each connection associated with...
2
by: SeeSharp Bint | last post by:
Visual Studio 2005, dotnet, c#. Microsoft SQL Server. Windows XP forms application. Temporarily, for my database application, I have been storing the various elements of database connection...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.