encrypting connection string

Topics: Data Access Application Block
Dec 8, 2011 at 10:13 AM


i just came to know about enterprise library 5.0 and planning to use for a new ASP.NET 3.5 web site.i am able to encrypt the connection string in web.config and it is working fine.Right now in my development environment i do not have any issue with changing the credential of database server and encrypting it.

but when i will be deploying it on a server then what i need to do to change the connection string according to the new database server credentials ?

i am using RSA encryptipn  with user-level key.

Dec 8, 2011 at 10:59 PM
Edited Dec 9, 2011 at 4:14 AM

The "key" step that you will need to do is to export and import the RSA Key Container.  See Importing and Exporting Protected Configuration RSA Key Containers
for the full steps involved.

Will the configuration be encrypted during the build process (by development/release management) or during the (pre) deployment process (by operations)? 

If it will be done during build then: create a key container, export the key container, modify the connection string, encrypt the section, and supply the exported key
container as part of the deployment. During deployment import the key container and everything should just work.

If the encryption will be done during deployment then you can supply an encrypted or unencrypted configuration.  If it is encrypted you would also supply your
key container so that it could be imported.  Then the section can be unencrypted using the development key, the settings modified, and the section encrypted using the
production key (that would have to be created).
You can use aspnet_regiis to perform the encryption/decryption/key maintenance in addition to the encryption/decryption done by the configuration tool.

Randy Levy
Enterprise Library support engineer

Dec 9, 2011 at 4:27 AM


Thanks a lot for your immediate reply.

if i have unecrypted configuration and after deployment i want to encrypt it then can i do so.? i mean just like when i am doing this encryption activity on my development machine then i do not have to take care about importing or exporting keys.in the same manner i want to do this activity on the server after deployment to avoid the export /import activity.It will also save my time if the database server credentials keeps changes after a certain time then it will not take much time to change the configuration. 

Dec 9, 2011 at 4:48 AM

Yes, you can encrypt your configuration after deployment.  You can use the Enterprise Library configuration tool or ASP.NET IIS Registration Tool.

The IIS Registration tool supports many different encryption scenarios and may already be installed on the target server.  I think it only acts on a file
called web.config but you can always rename the file after it is encrypted (if dealing with app.config).  

Randy Levy
Enterprise Library support engineer