how to encrypt/decrypt of web.config in asp dot net

Posted by Rahamath under ASP.NET on 3/13/2013 | Points: 10 | Views : 2847 | Status : [Member] | Replies : 4
Hi

I have to host my application in a shared server.i fear that he may see my appsettings.so,I want to encrypt appsettings in web config file alone by coding or by any means.How to do this plz help.

How to Ecrypt/Decrypt Web config <appsettings> in asp dot net 4.0?

Rahamath


Responses

Posted by: Asarikumar on: 3/13/2013 [Member] Starter | Points: 25

Up
0
Down
hi,

example code:

protected void Page_Load(object sender, EventArgs e)
{

}
protected void Button1_Click(object sender, EventArgs e)
{
//encrypt

TextBox2.Text = EncriptDecript.Encrypt(TextBox1.Text.Trim(), "kumar");
}
protected void Button2_Click(object sender, EventArgs e)
{
//decrypt

TextBox2.Text = EncriptDecript.Decrypt(TextBox1.Text.Trim(), "kumar");


}
public class EncriptDecript
{
public static string Encrypt(string clearText, string Key)
{
byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText);
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Key, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
byte[] encryptedData = Encrypt(clearBytes, pdb.GetBytes(32), pdb.GetBytes(16));
return Convert.ToBase64String(encryptedData);
}
public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
{
MemoryStream ms = new MemoryStream();
Rijndael alg = Rijndael.Create();
alg.Key = Key;
alg.IV = IV;
CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write);
cs.Write(clearData, 0, clearData.Length);
cs.Close();
byte[] encryptedData = ms.ToArray();
return encryptedData;

}
public static string Decrypt(string cipherText, string Key)
{
byte[] cipherBytes = Convert.FromBase64String(cipherText);
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Key, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
byte[] decryptedData = Decrypt(cipherBytes, pdb.GetBytes(32), pdb.GetBytes(16));
return System.Text.Encoding.Unicode.GetString(decryptedData);

}

public static byte[] Decrypt(byte[] cipherData, byte[] Key, byte[] IV)
{
MemoryStream ms = new MemoryStream();
Rijndael alg = Rijndael.Create();
alg.Key = Key;
alg.IV = IV;
CryptoStream cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write);
cs.Write(cipherData, 0, cipherData.Length);
cs.Close();
byte[] decryptedData = ms.ToArray();
return decryptedData;

}
}
step :1 first encrypt connection string and put web.config<app settings>
step :2 write decrypt code in asp file to call....use same key

public static SqlConnection GetConnectionObject()
{

string Encryptedconnectionstring = ConfigurationManager.AppSettings["defaultConnection"].ToString();
string decryptedConnectionString = EncriptDecript.Decrypt(Encryptedconnectionstring, "kumar");

string connectionString = decryptedConnectionString;
//string connectionString = Encryptedconnectionstring;
if (connectionString == null || connectionString.Length == 0) throw new ArgumentNullException("connectionString");
SqlConnection con = new SqlConnection(connectionString);
return con;
}
public class EncriptDecript
{

public static string Decrypt(string cipherText, string Key)
{
byte[] cipherBytes = Convert.FromBase64String(cipherText);
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Key, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
byte[] decryptedData = Decrypt(cipherBytes, pdb.GetBytes(32), pdb.GetBytes(16));
return System.Text.Encoding.Unicode.GetString(decryptedData);

}

public static byte[] Decrypt(byte[] cipherData, byte[] Key, byte[] IV)
{
MemoryStream ms = new MemoryStream();
Rijndael alg = Rijndael.Create();
alg.Key = Key;
alg.IV = IV;
CryptoStream cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write);
cs.Write(cipherData, 0, cipherData.Length);
cs.Close();
byte[] decryptedData = ms.ToArray();
return decryptedData;

}
}
thanks

Rahamath, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Satyapriyanayak on: 3/13/2013 [Member] [MVP] Silver | Points: 25

Up
0
Down
http://www.dotnetfunda.com/articles/article1572-encrypt-and-decrypt-webconfig.aspx
http://adamjohnston.me/2012/10/19/encrypting-asp-net-appsettings-web-config-file/

If this post helps you mark it as answer
Thanks

Rahamath, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Prabu_Spark on: 3/13/2013 [Member] Starter | Points: 25

Up
0
Down
Hi sir,
Can you give the sample code as attachment in forum, so that i can able to understand the concept clearly.
Kindly give me the solution for this problem.





With regards,
J.Prabu.
[Email:prbspark@gmail.com]

Rahamath, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rahamath on: 3/14/2013 [Member] Starter | Points: 25

Up
0
Down
when i tried to encrypt iam getting following Error please help me....to find my error...
System.Security.Cryptography.CryptographicException: Object already exists.

my coding was
Configuration confi = WebConfigurationManager.OpenWebConfiguration("~");
AppSettingsSection objAppsettings = (AppSettingsSection)confi.GetSection("appSettings");
if (!objAppsettings.SectionInformation.IsProtected)
{
objAppsettings.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
//objAppsettings.SectionInformation.ForceSave = true;
confi.Save(ConfigurationSaveMode.Modified, true);
ConfigurationManager.RefreshSection("appSettings");
}


am geting error on line "confi.Save(ConfigurationSaveMode.Modified, true);"

Rahamath

Rahamath, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response