Encrypting/Decrypting app.config

Topics: Cryptography Application Block, Data Access Application Block
Jul 17, 2010 at 8:17 PM

I have a WinForm application that I distribute to members of my advertising business. The app uses two connection strings that point to a “shared hosting” SQL Server 2008 server. While the connection over the ‘wire’ is encrypted between the app and my hosting provider, the application’s *.exe.config file, which is installed on the member’s computer, exposes both connection strings, revealing my server address, username; and password.


I’m looking for a solution that allows me, in my code, to encrypt both connection strings, to prevent my members from reading connection information, which decrypts the connection strings only when the application is communicating with the data server.


I have implemented the Entrlib 4.1 Data Access Application Block to code the data access layer but I am having a very difficult time following the documentation to implement the Cryptography Application Block.


What I would like help with is how to accomplish the encryption/decryption using a key file that is installed along with the application onto the member’s computer. Is this possible; and is it advised – if not, what would you recommend?

Jul 19, 2010 at 8:21 AM

Here's a related thread http://entlib.codeplex.com/Thread/View.aspx?ThreadId=10300 see if it may help.

Gino Terrado
Global Technology and Solutions
Avanade, Inc.